Well. On Wed, Mar 24, 2004 at 10:10:28AM -0000, Richard Hatch wrote: > From: "Richard Hatch" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: [Full-Disclosure] Microsoft Coding / National Security Risk > Date: Wed, 24 Mar 2004 10:10:28 -0000 > > Hi all,
/* snip */ > Take a team of really really good C/C++ coders with excellent > security vulnerability knowledge and have them go through the source > code for windows (starting with the core functionality and internet > facing functionality maybe). Find these bugs (including methodical > black-box testing against the binaries) and fix them. Allegedly Microsoft has been doing just exactly this for several years. Ever heard of "Trustworthy Computing?" Done a lot of good, hasn't it? - John -- "Mad cow? You'd be mad too, if someone was trying to eat you." _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html