That explains it
So Microsoft products are written using fuzzy logic?
Microsoft has open-sourced the fuzzing tool it uses to scour its own code for potential security vulnerabilities. Fuzzing is a way of testing software by feeding it random inputs in the hope it fails in revealing ways. The technique is widely admired because it gets results and can be automated. The tool Microsoft has …
"That pedigree may not fill you with confidence seeing as Microsoft’s September patch dump fixed 129 flaws"
To be fair, it actually *does* inspire a little more confidence than you might otherwise expect. After all, presumably their tools have pro-actively uncovered most of these issues and are therefore of a decent quality.
If they were *not* putting out patches and fixes, that's when I'd worry that the fuzzing tools were poor quality as they were finding nothing (obviously a fair number of the flaws are found by others and reported to Microsoft, but I'd expect most of them were discovered in-house).
Fair enough, but I'd prefer if the flaws were uncovered *before* release, not after.
I wonder if there's an overreliance on "the tool will find all the bugs for us" versus "hire good programmers and testers, give them the time, training, and tools they need".
Their developers definitely have the time, training and tools. What they don't have is the luxury of being able to eliminate bad ideas through complete code rewrites. While they did separate their Native API from the Public (Win32) API, allowing them to change a lot of core code, they're committed to Win32 API stability to the point where VB6 code still works.
In the land of GNU/Linux, volunteers can push forward better solutions and outright ditch bad ideas. In the fantasy world of Apple, the company forces developers to adopt better solutions in a uniform manner. In the world of Windows, developers just shrug off new solutions, knowing Microsoft must maintain the old ones to avoid upsetting enterprises dependent on old stuff.
(Edit: That's Public, not Pubic)