[ISN] Re: Three Minutes With Microsoft's Scott Culp

From: InfoSec News (isnat_private)
Date: Thu Oct 18 2001 - 00:47:14 PDT

  • Next message: InfoSec News: "Re: [ISN] Microsoft Rallies Industry Against Bug Anarchy"

    Forwarded from: Felix von Leitner <leitnerat_private>
    Thus spake InfoSec News (isnat_private):
    > PCW: Tell me what Microsoft does to produce secure software.
    > Culp: You start off with security in the design. Then you're relying
    > on good coding practices and on compiling tools to help you catch as
    > many errors as you can. Once implementation is done, you have testing
    > of the whole.
    Excuse me?  Is this Scott Culp from the Microsoft of the parallel
    universe where Spock has a beard?
    The Microsoft I know does neither design with security in mind
    (otherwise, explain ActiveX and COM!), nor does it have good coding
    practices (otherwise, explain the trillion buffer overflows in code
    running at system privilege in IIS), nor is there any evidence of any
    tools that helps them catch a single bug.  Look at how they embarass
    themselves week after week, with this very mailing list carrying news
    of their latest blunders!
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 02:38:31 PDT