Secure Coding mailing list archives
Re: Spot the bug
From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Thu, 21 Jul 2005 12:33:43 +0100
http://msdn.microsoft.com/security/Heh. They want us to do their code review for them?Did you look at it?
I looked at the referred-to blog. I didn't see any code, though I didn't do much webcrawling looking for any - perhaps I was too early, or perhaps I just missed the crucial link, or something. (But whatever it was, it must still be; I just now looked - http://blogs.msdn.com/brianjo/archive/2005/07/18/440179.aspx, as linked to by http://msdn.microsoft.com/security/ - and still can't see any code there. Maybe it's that [INLINE] - I didn't bother fetching images - or maybe I need to have JavaScript or ActiveX or some such security-disaster-waiting-to-happen to get it; I don't know. I do see three javascript: links, arguing in favour of the JavaScript theory.)
The current one is a 4-line toy bug. It's a contrived example, and theposter obviously already knows there is a bug.
You think they are going to work their way up to: "Umm... great so far, readers. Now look at these 10,000 lines and tell us where the bug is..."?
Basically, yeah. When dealing with anything Microsoft, I not only look the horses in the mouths, I am inclined to X-ray and ultrasound them, and even then may not buy. I don't trust Microsoft even as far as I can throw them. Maybe this is exactly what it appears to be. In that case, well, good for them, and maybe it will begin to do some epsilon of good, start chipping away at the mountain of negative karma they've built up. But maybe it's not, too. And if I want examples of bad code I hardly have to go to Microsoft to find them. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Current thread:
- Spot the bug Mark Curphey (Jul 19)
- Re: Spot the bug ljknews (Jul 19)
- Re: Spot the bug Pascal Meunier (Jul 19)
- Re: Spot the bug Dave Aronson (Jul 21)
- Re: Spot the bug der Mouse (Jul 19)
- Re: Spot the bug Blue Boar (Jul 19)
- Re: Spot the bug der Mouse (Jul 21)
- Re: Spot the bug Blue Boar (Jul 19)
- Re: Spot the bug John Steven (Jul 19)
- Re: Spot the bug Christopher Canova (Jul 20)
- Re: Spot the bug Dave Aronson (Jul 21)
- Re: Spot the bug Christopher Canova (Jul 20)
- <Possible follow-ups>
- RE: Spot the bug Michael Howard (Jul 21)
- Re: Spot the bug ljknews (Jul 19)