Slashdot Mirror


Gates: 'You don't need perfect code' for Security

securitas writes "ITBusiness has an interview from the Microsoft Professional Developers Conference where Bill Gates says 'You don't need perfect code to avoid security problems.' Instead he suggests that users acquire and properly configure firewalls and make sure that they keep their software patches up-to-date. Considering that Microsoft says it is focused on security, the comments from the Chief Software Architect aren't inspiring, especially because the underlying attitude seems to contradict the idea of well-written, secure code. What kind of message does that send to the developers who work for Gates?"

3 of 593 comments

  1. Re:Since when is Bill Gates a security expert? by Rhys · Score: 5, Informative

    The really great thing is we just had a Microsoft security speaker at the ACM Reflections|Projections conference at UIUC.

    He was talking about how important it is to have secure code, and all the initiatives they have to fix security holes.

    He also talked about how fast worms are spreading these days. Patching is not going to be sufficient - a bug discovered and posted will turn into a worm hours or days before Microsoft will respond with a patch. By then it'll be too late.

    --
    Slashdot Patriotism: We Support our Dupes!
  2. Patching only protects against amateurs by Animats · Score: 3, Informative
    The whole "patching" approach is bogus. It only protects against nuisance attacks. A serious attacker, one who's doing it for gain and has a specific target, isn't restricted to whatever the script kiddies are using this week. They can exploit any vulnerability, well known or not.

    From a military perspective, "patching" is equivalent to deploying your forces to protect against kids throwing rocks over the base fence. That won't help when an organized force attacks.

  3. Re:Since when is Bill Gates a security expert? by Otter · Score: 4, Informative
    At any rate, the question was about outside developers, not Microsoft code. His point was that in a well-designed system with safe APIs, a reliable, usable update system and good blocking, there's less burden on the developers to get every detail right -- and that Microsoft hasn't provided such an environment.

    It's roughly analogous to insisting that Unix permissions make harmful worms and viruses impossible, except less false.