TEAM-ADA Archives

Team Ada: Ada Programming Language Advocacy

TEAM-ADA@LISTSERV.ACM.ORG

Options: Use Forum View

Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
From:
Bob Luten <[log in to unmask]>
Reply To:
Bob Luten <[log in to unmask]>
Date:
Mon, 19 Nov 2001 14:49:41 -0800
Content-Type:
text/plain
Parts/Attachments:
text/plain (74 lines)
Craig,

Actually, I think your apparent emphasis (see the article link) on privacy
over security is only partly right.  Microsoft's products are so widely used
that they are the prime target for hacker/crackers, and as such must become
bullet-proof.  Being as good as the rest of the industry is not nearly good
enough!

I've been concerned for quite a long time that the use of 'C' for commercial
products leads to many of the security holes the community is finding.  For
example, a 'C' string is inherently unbounded and its "end" can be
determined only by scanning the string for a NULL.  A safer approach is a
counted array of characters, a la the COM safe array approach.

While Ada advocates would promote the use of Ada to solve the many problems
'C' brings to the table, there are others that acknowledge that the problems
can not be solved so simply.  But as a starting point, I suspect that some
of the problems would be solved by insisting that your developers do a
bounds check on EVERY string passed into Microsoft applications.

I'm sure that there are many other "style" issues that could be put in place
to get a handle on the security problems.  Please apply as much pressure as
you can to establish an appropriate "style guide" and make it MANDATORY for
your developers, and establish a testing regime that ensures that the guide
is followed.

  -- Bob, in the hills northeast of San Jose --


----- Original Message -----
From: <[log in to unmask]>
To: <[log in to unmask]>
Sent: Monday, November 19, 2001 12:58 PM
Subject: THE INFOWORLD SCOOP P.M. EDITION, Monday, November 19, 2001


> ========================================================
> THE INFOWORLD SCOOP                         P.M. EDITION
> ========================================================
>
> Monday, November 19, 2001
>
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> TOP NEWS STORIES
>
> * Microsoft attempts security culture reinvention
>
> ... [snip] ...
> - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> MICROSOFT ATTEMPTS SECURITY CULTURE REINVENTION
>
> Posted November 19, 2001 11:28 Pacific Time
>
> IT MIGHT BE something of a joke in IT circles to use
> the words "Microsoft" and "security" in the same
> sentence, but Bill Gates' senior advisor on the
> subject is on a mission to change all that.
>
> "As a company we're changing our bias to say safety and
> security first," explained Craig Mundie, Microsoft's
> senior vice president of advanced strategies, during
> an interview with InfoWorld in Redmond, Wash., last week.
>
>
> For the full story:
>
http://www.infoworld.com/articles/hn/xml/01/11/19/011119hnmssecure.xml?1119m
npm
>
> ... [snip] ...

ATOM RSS1 RSS2