>Heald, Tim wrote:
>>
>> Since the source code leaked, and there is no review, bug or patch
>> process in place, and since we have all seen how slow M$ can be to respond
>> to vulnerabilities, often times needing 2 or 3 patches before they
>> actually fix a problem, I can see why people think this is a major
>> problem.
>
> Not really. Maybe if *all* the source code leaked. But this is only about 3%.
I take that back: http://www.securitytracker.com/alerts/2004/Feb/1009067.html
Also, its4 is a C security hole analyzer. It produces the following statistic:
> its4 -s2 `find -name *.c` 2>/dev/null |grep 'Very Risky' | wc -l
> 397
So if we extrapolate, we get at 12000 'Very Risky' issues in the entire code.
Jochem
[Todays Threads]
[This Message]
[Subscription]
[Fast Unsubscribe]
[User Settings]
- FW: Windows Source Code Loose on the 'Net\ Larry C. Lyons
- Re:FW: Windows Source Code Loose on the 'Net\ dana tierney
- RE: FW: Windows Source Code Loose on the 'Net\ Heald, Tim
- Re:FW: Windows Source Code Loose on the 'Net\ Jochem van Dieten
- RE: FW: Windows Source Code Loose on the 'N... Angel Stewart
- Turning on logging in OUtlook. Angel Stewart
- RE: FW: Windows Source Code Loose on th... Angel Stewart
- RE: FW: Windows Source Code Loose on the 'N... Jochem van Dieten
- RE: FW: Windows Source Code Loose on the 'Net\ Heald, Tim