[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More about Netscape Bug finder

To: [email protected]
Subject: Re: More about Netscape Bug finder
From: Mike Duvos <[email protected]>
Date: Mon, 16 Jun 1997 21:59:00 -0700 (PDT)
In-Reply-To: <v030209a4afcb8c31bbc6@[139.167.130.246]> from Robert Hettinga at "Jun 16, 97 10:41:24 pm"
Sender: [email protected]


A few comments... 

Almost every non-trivial program which runs on a platform which does not
shield the OS from applications can be subverted to give access to the
target machine. 

This is hardly news.  The fact that a determined Dane with a debugger
managed to poke through the code and break something is neither
earth-shattering nor remarkable. 

In something the size of Netscape, I'm sure 999,999 exploits still remain. 
The company is hardly going to start writing checks every time someone
finds one of them.

Until all application software runs on secure virtual machines, or passes
bytecode verification and formal proofs of correctness, this problem will
continue to exist, not only in Netscape, but in every other large
application as well.

Big Yawn. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     [email protected]   $    via Finger.                      $

References:
- More about Netscape Bug finder
  - From: Robert Hettinga <[email protected]>

Prev by Date: !! Guaranteed $10,000 In Credit Within Days!
Next by Date: Re: We need more surveillance--a morality play about terrorism
Prev by thread: More about Netscape Bug finder
Next by thread: Re: More about Netscape Bug finder
Index(es):
- Date
- Thread