Secure Coding mailing list archives
Re: Spot the bug
From: "John Steven" <jsteven () cigital com>
Date: Wed, 20 Jul 2005 00:26:47 +0100
I'm excited that Microsoft is reaching out and providing this learning aid. Most people I interview don't know how to spot some pretty simply vulnerable code constructs. I'll even have my newbies subscribe to this RSS for a spell, in hopes that their attack toolkit may be augmented. But, some advice for Microsoft if they're listening: When the initial entrées are so ridiculously simple that they don't even bear a full minute of scrutiny, they are best served in sets of 10. That gives the audience enough problems to puzzle through that they can mentally engage. Long-term, I don't fear the validity of the approach because some exploitable constructs are very subtle. ----- John Steven Principal, Software Security Group Technical Director, Office of the CTO 703 404 5726 - Direct | 703 404 9295 - Fax Cigital Inc. | [EMAIL PROTECTED] 4772 F7F3 1019 4668 62AD 94B0 AE7F EEF4 62D5 F908
From: Mark Curphey <[EMAIL PROTECTED]> If you fancy yourself as a good code reviewer you can play spot the bug at MSDN. They will be getting harder ! http://msdn.microsoft.com/security/
---------------------------------------------------------------------------- This electronic message transmission contains information that may be confidential or privileged. The information contained herein is intended solely for the recipient and use by any other party is not authorized. If you are not the intended recipient (or otherwise authorized to receive this message by the intended recipient), any disclosure, copying, distribution or use of the contents of the information is prohibited. If you have received this electronic message transmission in error, please contact the sender by reply email and delete all copies of this message. Cigital, Inc. accepts no responsibility for any loss or damage resulting directly or indirectly from the use of this email or its contents. Thank You. ----------------------------------------------------------------------------
Current thread:
- Spot the bug Mark Curphey (Jul 19)
- Re: Spot the bug ljknews (Jul 19)
- Re: Spot the bug Pascal Meunier (Jul 19)
- Re: Spot the bug Dave Aronson (Jul 21)
- Re: Spot the bug der Mouse (Jul 19)
- Re: Spot the bug Blue Boar (Jul 19)
- Re: Spot the bug der Mouse (Jul 21)
- Re: Spot the bug Blue Boar (Jul 19)
- Re: Spot the bug John Steven (Jul 19)
- Re: Spot the bug Christopher Canova (Jul 20)
- Re: Spot the bug Dave Aronson (Jul 21)
- Re: Spot the bug Christopher Canova (Jul 20)
- <Possible follow-ups>
- RE: Spot the bug Michael Howard (Jul 21)
- Re: Spot the bug ljknews (Jul 19)