Trustworthy Computing’s Impact a Decade On: Looking Back, Looking Ahead

Discussion in 'other security issues & news' started by ronjor, Jan 13, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    https://blogs.technet.com/b/microso...oking-back-looking-ahead.aspx?Redirected=true
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: Trustworthy Computing’s Impact a Decade On: Looking Back, Looking Ahead

    Wow, I did a double-take when I read this last sentence!

    Two things come to mind.

    First, many years ago, one of my friends who was a great influence on my thinking in security retired as a programmer. It was customary in his times, he explained, to check and recheck each line of code for any bugs. Self-respecting programmers would be embarrassed -- if a buffer overflow today--, for example, showed up in their code.

    The current problem (many vulnerabilities showing up) from his perspective was not bad programmers, rather, the urgency to release products on the market before the competition did, or to meet marketing goals (release by Christmas, etc.)

    Second, in fairness, code has become so complex (especially code in an Operating System) that testing for vulnerabilities is a real problem.

    Microsoft addressed this shortly after the Conficker worm which exploited MS08-067:

    MS08-067 and the SDL
    http://blogs.msdn.com/b/sdl/archive/2008/10/22/ms08-067.aspx
    ----
    rich
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    To quote: "We're 10 years in. The software world is dramatically different, but we are still only at the start of a very long trip."
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: Trustworthy Computing’s Impact a Decade On: Looking Back, Looking Ahead

    And how different from my friend's world!

    The TWC initiative has been effective, but it's up against a lot of boulders in the road as it proceeds. One huge impediment is the huge number of brilliant cybercriminal programmers worldwide poring over the same lines of code, looking for potential bugs/vulnerabilities in almost every software product in the market!


    ----
    rich
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    Not to mention outright thieves. :)
     
  6. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    Ah! Living the dream...confabulation ;)
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: Trustworthy Computing’s Impact a Decade On: Looking Back, Looking Ahead

    What's the difference?!


    ----
    rich
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    Some want the money, some want the mayhem.
     
  9. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Re: Trustworthy Computing’s Impact a Decade On: Looking Back, Looking Ahead

    Thanks, I'll make a note of that!


    ----
    rich
     