On Wed, 24 Mar 2004 10:10:28 GMT, Richard Hatch <r.hatch@xxxxxxxxxxxxxxxx> said:

> So my idea is this:
> Take a team of really really good C/C++ coders with excellent security
> vulnerability knowledge and have them go through the source code for windows
> (starting with the core functionality and internet facing functionality
> maybe). Find these bugs (including methodical black-box testing against the
> binaries) and fix them.

How many "really good" C/C++ coders will it take to go through the 35 million lines of code in Windows XP in a reasonable amount of time? How many "really good" C/C++ coders are *available*?

That's overlooking the fact that some things can't be fixed at the coder level. The average coder can fix a buffer overflow. The average coder can't fix a design flaw like the ones exploited in Liu Die Yu's "Six Step IE Remote Compromise" attack - those sorts of things require major architectural overhauls. To see what happens when you try that, go back and look at the furor when Microsoft finally closed the 'user@pass:host' hole in http requests - you run that sort of risk of breakage anytime you make an architectural change.

It's issues like that which make the rule of thumb: "Security has to be designed in from the beginning, it can't be bolted on after the fact".