So, again, who is to blame for worms?

by Anton Chuvakin

Related link: http://www.computerworld.com/securitytopics/security/story/0,10801,104069,00.htm…



This piece, while far from eye-opening, indicates ongoing industry confusion about who is responsible for the losses caused by the raging worms of the day. Three common choices are: OS/application developers who write crude code, technology end users who don't patch (and never harden), or hackers who create worms.


The author of this paper fires his broadside at the OS developer ("Isn't it time for Microsoft to stop selling operating systems with buffer overflow security holes?"). As I note above, this is only one of the three possibilities...


2 Comments

jbond
2005-08-22 09:43:55
I blame
I blame Kernighan and Ritchie! Shouldn't the programming language include bounds checking to make it hard to write code that's likely to allow buffer overflows? Seriously, C and C++ are at the core of this problem.
wbk
2005-08-22 10:56:24
I blame
Shouldn't the programming language include bounds checking to make it hard to write code ...?


No, but gcc supports fine-grained pointer/bounds checking anyway:


http://sourceforge.net/projects/boundschecking/