Slashdot Mirror


Microsoft's Security Development Process Under CC License

An anonymous reader writes "The H Online writes: 'Microsoft has placed its process for secure software development under a Creative Commons License. The company hopes that this will lead to more developers utilising its process for programming software more securely across the entire product lifecycle ...'"

4 of 164 comments

  1. Re:secure? by GarryFre · · Score: 2, Interesting

    If the thieves are getting past the guards, I would not want to emulate them. Something is wrong and needs to change, and till it's changed I would not want to copy a security model that isn't secure. The question is, is it insecure because of a failure in the model or is it because so many resourceful thieves are finding ways around the so-called safeguards? Who can know?

    --
    www.Migrainesoft.com - Computer giving you a headache? We can fix that!
  2. Re:Oh boy... by jimicus · · Score: 4, Interesting

    I think it's simpler than that.

    Windows can be very heavily locked down so end-users can literally do nothing more than that which is explicitly made available to them. Heck, with something like SteadyState, it can even roll back any changes with a simple reboot.

    But far too many third-party developers seem to actively go out of their way to break any security - they seem to have some sort of mental block understanding that the assumptions you make when you're designing an application which will run on a system which you can more or less guarantee will only ever have one person using it (and that person has no realistic hope of screwing it up badly simply because there's so little to screw up) simply do not work on a modern multi-user, multi-tasking networked operating system.

    I've lost count of the number of applications - and these aren't crappy things you find on download.com, they're expensive commercial products that are intended to have multiple users - that explicitly expect the end-user to have local admin rights and their first support response is "Does the user have admin rights? No? Go away and come back when they do. I don't care if you can explicitly prove that this isn't the issue here...".

  3. Re:Oh boy... by Anonymous Coward · · Score: 3, Interesting

    Pretty sure you have no idea about Unix internals vs NT internals. UNIX doesn't have ACL security.

    So, the "Unix internals vs NT internals" is resumed as UNIX not having ACL security?

    Pfffff.. Yeah, looks like you know a lot more on the subject.

    WRONG. Unlike Windows, which only supports ONE ACL scheme which is built in, most varieties of UNIXes out there support complex ACL mechanisms through a modular design or patches. Windows ACLs are also very basic compared to the full access control provided by SELinux.

    Keywords: SELinux, GRSecurity, FS extended attributes, PAM, ...

    Now go back under the rock you came from.

  4. Re:Oh boy... by man_of_mr_e · · Score: 2, Interesting

    WTF are you prattling on about? .NET insecure? Seriously? Do you even know what you're talking about? You are making vague claims that make little sense. Like calling the Firefox plug-in a security flaw. It's using the mechanism that Firefox provided for machine-wide plugins. Firefox has since improved on that, but it wasn't MS's fault nor was it a security flaw.

    Please, point me to some evidence of any severe unpatched .NET flaws or exploits. I don't know of any. I think you are confused and simply applying catchphrases you've heard and pretending you know what you're talking about.