Re: Three Minutes With Microsoft's Scott Culp

[InfoSec News <isn () c4i org>]

Forwarded from: Felix von Leitner <leitner () vim org>

Thus spake InfoSec News (isn () c4i org):

> PCW: Tell me what Microsoft does to produce secure software.

> Culp: You start off with security in the design. Then you're relying
> on good coding practices and on compiling tools to help you catch as
> many errors as you can. Once implementation is done, you have testing
> of the whole.

Excuse me?  Is this Scott Culp from the Microsoft of the parallel
universe where Spock has a beard?

The Microsoft I know does neither design with security in mind
(otherwise, explain ActiveX and COM!), nor does it have good coding
practices (otherwise, explain the trillion buffer overflows in code
running at system privilege in IIS), nor is there any evidence of any
tools that helps them catch a single bug.  Look at how they embarass
themselves week after week, with this very mailing list carrying news
of their latest blunders!

Sheesh!

Felix



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.