Tuesday, January 10, 2006

Microsoft to hunt 'new species' of bugs

Yet another take on Microsoft's WMF vulnerability and the patching thereof.

Remember what this article makes clear. What turned out to be a vulnerablity was intended originally as a feature. We can extend that to include other parts of Microsoft's various code bases and realize what security researchers have known for a very long time (this includes both the good guys and the bad guys); A large fraction of MS' code base in both operating systems and applications is quite old and from a kinder, gentler time when organized crime wasn't keen to exploit any vulnerability. Therein lies a large part of the problem. It's not that Microsoft can't write secure code. It's that they really didn't need to when a large part of their code was written.

Not all legacies are good.

Jack

No comments:

Post a Comment

All comments are moderated.

Note: Only a member of this blog may post a comment.