[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Microsoft Coding / National Security Risk

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Microsoft Coding / National Security Risk
From: John Sage <jsage@xxxxxxxxxxxxxx>
Date: Wed, 24 Mar 2004 06:52:49 -0800

Well.

On Wed, Mar 24, 2004 at 10:10:28AM -0000, Richard Hatch wrote:
> From: "Richard Hatch" <r.hatch@xxxxxxxxxxxxxxxx>
> To: <full-disclosure@xxxxxxxxxxxxxxxx>
> Subject: [Full-Disclosure] Microsoft Coding / National Security Risk
> Date: Wed, 24 Mar 2004 10:10:28 -0000
> 
> Hi all,

/* snip */

> Take a team of really really good C/C++ coders with excellent
> security vulnerability knowledge and have them go through the source
> code for windows (starting with the core functionality and internet
> facing functionality maybe).  Find these bugs (including methodical
> black-box testing against the binaries) and fix them.

Allegedly Microsoft has been doing just exactly this for several
years.

Ever heard of "Trustworthy Computing?"

Done a lot of good, hasn't it?


- John
-- 
"Mad cow? You'd be mad too, if someone was trying to eat you."

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Microsoft Coding / National Security Risk
  - From: joe

References:
- [Full-Disclosure] Microsoft Coding / National Security Risk
  - From: Richard Hatch

Prev by Date: Re: [Full-Disclosure] viruses being sent to this list
Next by Date: [Full-Disclosure] TrendMacro Interscan Viruswall Directory Traversal
Previous by thread: Re: [Full-Disclosure] Microsoft Coding / National Security Risk
Next by thread: RE: [Full-Disclosure] Microsoft Coding / National Security Risk
Index(es):
- Date
- Thread