[ISN] Microsoft tells how it missed critical IE bug

From: InfoSec News <alerts_at_private>
Date: Tue, 6 Jan 2009 00:32:01 -0600 (CST)
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=331750

By Gregg Keizer
January 5, 2009
Computerworld

Microsoft Corp. developers overlooked a critical bug in the Internet 
Explorer browser because of a lack of adequate testing tools and 
training, a company official acknowledged last month.

The flaw, which Microsoft patched last week with an emergency update, 
had gone undetected for at least nine years.

Michael Howard, a principal security program manager who has been a 
proponent of the company's secure code-development process, said that 
Microsoft programmers had not been taught to look for the type of 
vulnerability that hit the data-binding function of IE. 

[...]


Received on Mon Jan 05 2009 - 22:32:01 PST
