  1. #1
    Platinum Lounger
    ZDNet
    I found this interesting reading, especially, for me, the difference between "Finding a bug in the software" and "Exploiting the bug in the software".
    I can see that they are two different skills, but now too I can see that a "buggy" product merely opens the door to problems; it isn't necessarily "The problem".

  2. #2
    Super Moderator jscher2000
    [quote name='chrisgreaves' post='766537' date='21-Mar-2009 01:52']ZDNet
    I found this interesting reading, especially, for me, the difference between "Finding a bug in the software" and "Exploiting the bug in the software".
    I can see that they are two different skills, but now too I can see that a "buggy" product merely opens the door to problems; it isn't necessarily "The problem".[/quote]
    From the developer's (your) perspective, I think you should view the bug as the problem, since you have no control over the OS or the bad guy. Saying the OS and the bad guy are the problem is not really an acceptable answer.

    I have read that most vulnerabilities arise from unexpected, unplanned-for, unvalidated, and poorly handled user inputs (where the user can be a person or a program). These may not be "cheap" bugs to fix in that regular validation may be expensive (in code size and processing time), but I think it's important to be proactive and not wait to see whether an exploit comes along that takes advantage of the vulnerability.
