Brandon Bray wrote: >[2] Cigital alleges that the /GS security check feature was a port of >StackGuard. This happens to be untrue, as both technologies were >invented independently. > I challenge that. The StackGuard paper was written in summer 1997, and published in early 1998. The Microsoft /GS paper appeared in mid-2001, and bears a STRIKING resemblance to the StackGuard paper. It is theoretically possible that /GS was an independent invention, but only by being astonishingly ignorant of the literature. >[1] "Writing Secure Code" is the prescriptive guide to Microsoft >developers for, oddly enough, writing secure code. > Funnily enough, this book (published in November 2001) actually refers to the stack ornaments that provide for overflow detection as "canaries," a term coined in the StackGuard 1998 paper. See the book's index and search for "canary" http://www.microsoft.com/mspress/books/index/5612.asp#Index If it was independent invention, there are a lot of surprising coincidences. Crispin -- Crispin Cowan, Ph.D. Chief Scientist, WireX Communications, Inc. http://wirex.com Security Hardened Linux Distribution: http://immunix.org Available for purchase: http://wirex.com/Products/Immunix/purchase.html The Olympic Games: A Century of Corruption and Graft The FIS: Crushing the soul of snowboarding
This archive was generated by hypermail 2b30 : Fri Feb 15 2002 - 07:39:02 PST