Information Security News mailing list archives
Re: Three Minutes With Microsoft's Scott Culp
From: InfoSec News <isn () c4i org>
Date: Thu, 18 Oct 2001 02:47:14 -0500 (CDT)
Forwarded from: Felix von Leitner <leitner () vim org> Thus spake InfoSec News (isn () c4i org):
PCW: Tell me what Microsoft does to produce secure software.
Culp: You start off with security in the design. Then you're relying on good coding practices and on compiling tools to help you catch as many errors as you can. Once implementation is done, you have testing of the whole.
Excuse me? Is this Scott Culp from the Microsoft of the parallel universe where Spock has a beard? The Microsoft I know does neither design with security in mind (otherwise, explain ActiveX and COM!), nor does it have good coding practices (otherwise, explain the trillion buffer overflows in code running at system privilege in IIS), nor is there any evidence of any tools that helps them catch a single bug. Look at how they embarass themselves week after week, with this very mailing list carrying news of their latest blunders! Sheesh! Felix - ISN is currently hosted by Attrition.org To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.
Current thread:
- Three Minutes With Microsoft's Scott Culp InfoSec News (Oct 04)
- <Possible follow-ups>
- Re: Three Minutes With Microsoft's Scott Culp InfoSec News (Oct 18)