Yet another take on Microsoft's WMF vulnerability and the patching thereof.
Remember what this article makes clear. What turned out to be a vulnerablity was intended originally as a feature. We can extend that to include other parts of Microsoft's various code bases and realize what security researchers have known for a very long time (this includes both the good guys and the bad guys); A large fraction of MS' code base in both operating systems and applications is quite old and from a kinder, gentler time when organized crime wasn't keen to exploit any vulnerability. Therein lies a large part of the problem. It's not that Microsoft can't write secure code. It's that they really didn't need to when a large part of their code was written.
Not all legacies are good.
Jack
No comments:
Post a Comment
All comments are moderated.
Note: Only a member of this blog may post a comment.