Forwarded from: Felix von Leitner <leitnerat_private>

Thus spake InfoSec News (isnat_private):
> PCW: Tell me what Microsoft does to produce secure software.

> Culp: You start off with security in the design. Then you're relying
> on good coding practices and on compiling tools to help you catch as
> many errors as you can. Once implementation is done, you have testing
> of the whole.

Excuse me?

Is this Scott Culp from the Microsoft of the parallel universe where Spock has a beard?

The Microsoft I know does neither design with security in mind (otherwise, explain ActiveX and COM!), nor does it have good coding practices (otherwise, explain the trillion buffer overflows in code running at system privilege in IIS), nor is there any evidence of any tools that help them catch a single bug.

Look at how they embarrass themselves week after week, with this very mailing list carrying news of their latest blunders!

Sheesh!

Felix

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Oct 18 2001 - 02:38:31 PDT