Forwarded from: Russell Coker <russell@private> On Wed, 17 Sep 2003 18:21, InfoSec News wrote: > "One area of investment that we're pursuing is what's called > post-processing of source code to find vulnerabilities, so you > actually go back and you have tools that look through the source > code and help identify potential vulnerabilities. And it is true > that those tools do get dramatically better with each vulnerability > as we learn and can teach them to help spot whole new classes of > attacks that come from hackers," Ballmer said. Excellent point! Now it should be noted that some OSs (such as Linux and BSD Unix) have the source available for anyone to "post process", while some OSs (such as Windows) do not have the source available. So if anyone wants to do research in methods of pro-actively finding security holes then they can't use Windows. With Windows you are limited to what MS can achieve... -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Tue Sep 23 2003 - 11:55:33 PDT