ZDNet UK


Microsoft turns to automatic code checks

Published: 27 May 2004 12:25 BST


Although developers test their software today for flaws, the testing is usually structured to determine if the software works properly rather than whether intentionally improper actions cause the software to fail.

According to Armistead, software developers say, "I am not going to catch everything, and (that's OK, because) it is accepted industry practice to ship the product and let people tell me what's wrong with it."

However, not all security researchers come forward with flaws that they find. Moreover, many security experts believe that developers could become legally liable for the software bugs they don't find, especially if the tools are available to detect those errors.

That's why new products that automatically find such errors are making headway. For example, @Stake, a company that had focused on security services, now sells a tool that scans a program's binary code so that any user can test software security. Another company, Reflective, applies several different analysis techniques to scan for flaws.

"Down the road, you want everyone to be using these tools in their compilers," said David Evans, assistant professor for computer science at the University of Virginia and the creator of some of the code analysis technology used by Reflective. "It is a real embarrassment to the industry that people still produce code with buffer overflows."

Buffer overflows are a common memory error that allows online attackers to run malicious code on other people's computers. The MSBlast and Sasser worms both used buffer overflows in Microsoft's Windows operating system to spread across the Internet. Yet buffer overflows aren't new -- security researchers have known about them for three decades.
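To make concrete both the memory error described above and the earlier point that testing usually checks whether software works rather than whether deliberately improper input makes it fail, here is an added C example (not code from the article, Microsoft, @Stake or Reflective). It shows the unbounded string copy that code scanners flag, the bounded form that rejects oversized input, and a small negative test that feeds improper input on purpose. The record layout, the 16-byte limit and the sample names are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example record: a fixed-size name field (not from the article). */
#define NAME_LEN 16

struct user {
    char name[NAME_LEN];
};

/* Vulnerable form: strcpy copies until it meets a NUL byte regardless of the
 * destination size, so any name of NAME_LEN bytes or more writes past the end
 * of u->name. This is the pattern automatic code checkers are built to flag.
 * It is shown only for comparison and is never called in this file. */
void set_name_unchecked(struct user *u, const char *name)
{
    strcpy(u->name, name);   /* no bound: overflow when strlen(name) >= NAME_LEN */
}

/* Hardened form: look for the terminator within the destination's capacity
 * before copying, and refuse anything that does not fit, leaving the field in
 * a defined state (empty string) so the caller cannot read stale bytes. */
bool set_name_checked(struct user *u, const char *name)
{
    /* memchr stops at NAME_LEN bytes, so an unterminated or over-long input
     * is never scanned further than the destination could hold. */
    const char *nul = memchr(name, '\0', NAME_LEN);
    if (nul == NULL) {
        u->name[0] = '\0';
        return false;                      /* caller must handle the rejection */
    }
    size_t len = (size_t)(nul - name);     /* strictly less than NAME_LEN here */
    memcpy(u->name, name, len + 1);        /* copy including the terminator */
    return true;
}

/* Negative test of the kind the article says is rarely written: improper input
 * must be rejected rather than silently accepted. Returns how many of the three
 * constructed cases behaved as intended. */
int run_negative_tests(void)
{
    struct user u;
    int passed = 0;

    /* constructed inputs: one that fits, one exactly at the limit, one far over it */
    const char *fits = "alice";
    char at_limit[NAME_LEN + 1];
    char oversized[4 * NAME_LEN];
    memset(at_limit, 'A', NAME_LEN);
    at_limit[NAME_LEN] = '\0';             /* 16 characters: one too many */
    memset(oversized, 'B', sizeof oversized - 1);
    oversized[sizeof oversized - 1] = '\0';

    if (set_name_checked(&u, fits) && strcmp(u.name, "alice") == 0) passed++;
    if (!set_name_checked(&u, at_limit) && u.name[0] == '\0') passed++;
    if (!set_name_checked(&u, oversized) && u.name[0] == '\0') passed++;
    return passed;                         /* 3 when the bounds check holds */
}

int main(void)
{
    printf("%d of 3 negative tests passed\n", run_negative_tests());
    return 0;
}
```

The two functions differ in a single decision: the checked version asks whether the input fits before touching the destination, which is exactly the property a static analyser tries to prove about every copy in a program. The negative test is the part most test suites omit; a checked-in case that feeds a 64-byte name into a 16-byte field turns the "let people tell me what's wrong with it" approach into a failing build.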

Despite the potential for these code analysis tools to help alleviate such long-standing problems, not everyone believes the technology is ready for the real world.
