>Heald, Tim wrote:
>>
>> Since the source code leaked, and there is no review, bug or patch
>> process in place, and since we have all seen how slow M$ can be to respond
>> to vulnerabilities, often times needing 2 or 3 patches before they
>> actually fix a problem, I can see why people think this is a major
>> problem.
>
> Not really. Maybe if *all* the source code leaked. But this is only about 3%.

I take that back: http://www.securitytracker.com/alerts/2004/Feb/1009067.html

Also, its4 is a C security hole analyzer. It produces the following statistic:

> its4 -s2 `find -name '*.c'` 2>/dev/null | grep 'Very Risky' | wc -l
>  397

So if we extrapolate, we arrive at 12000 'Very Risky' issues in the entire code.

Jochem