QA, Anyone?

March 30th, 2007

Microsoft is not alone when it comes to writing vulnerable code. It’s downright hard to write secure code in low-level languages. It’s understandable, especially when most of your core code was written before buffer overflow exploits were even understood by most programmers. But when a vulnerability is pointed out in your code, and you claim to spend inordinate amounts of time developing and testing patches for it, wouldn’t it make sense to spend a little time auditing the rest of the code for the same bug?

Read more…