共用方式為


Insecurity Training

I spent most of the day yesterday in a conference room with about a thousand other co-workers of mine.  I know them all personally. You should have seen the size of the table!  But seriously, it was a mandatory training session for the likes of us unruly code slingers.  Microsoft is serious about security.  I’m not cheerleading here.  I’m not trying to convince you of anything.  The powers-that-be have raised the focus on security to a level of utter annoyance; security reviews, threat analysis, tools that discover, tools that defend.  Now they even want to rate us on whether we adhere to these ‘rules’ or not; no more flagrant use of strcpy; no more cryptic pointer arithmetic; no more fixed sized buffers sitting innocently on the stack;  no more XOR encryption.  It’s gotten to the point where I don’t know if I can code anymore.  Between security concerns and the paralyzing fear that just about every common practice is now buried in some gold-digger’s patent portfolio, I don’t know if there is a safe line of code to write; seriously. 

 

We’d be better off just compiling large libraries of last-known-safe algorithms.  Then if we needed to build something we could just cut-and-paste these suckers into our editor.  We would never actually be ‘writing’ code anymore.  We’d be ‘orchestrating’ code.  I can see it now, the operating system of the future comes complete with a vast library of API’s that are deemed safe and covered by licensing that allow you free use of such things as:  assignment, arithmetic, comparison, and if you buy the enterprise edition you even get the ‘branch’ instruction.  The compilers of tomorrow would only compile to these calls, they would not generate any other processor instructions, because those would all be patented by someone or proven a threat to security.

 

But I digress

 

Matt

Comments

  • Anonymous
    May 04, 2004
    "the operating system of the future comes complete with a vast library of API’s that are deemed safe"

    You mean like .net is giving us? (Assuming of course that there are no buffer overflows in the .net libraries).

    If you go down that route you end up wondering if the libraries you are using are, in fact, safe. One argument for Open Source I guess.
  • Anonymous
    May 04, 2004
    The comment has been removed
  • Anonymous
    May 04, 2004
    The comment has been removed
  • Anonymous
    May 04, 2004
    I agree. It seems you cannot trust yourself anymore. Maybe it should have been paranioa training instead.
  • Anonymous
    May 04, 2004
    Wow... Thanks for the rant. I enjoyed it.
  • Anonymous
    May 04, 2004
    Microsoft apparently use a couple of tools, PREfast and PREfix, internally for enforcing these coding guidelines. They're basically the same thing, as I understand it; PREfast (as the name suggests) is a lot faster, but tests fewer rules.

    Am I right in thinking that PREfast is automatically run on check-in to certain source repositories, while PREfix runs on the daily build?

    Driver developers can use a driver-tuned version of PREfast (shipped in the current DDK, IIRC). I believe that the intention is to ship it with Visual Studio 2005 (no, I can't remember where I read that!)
  • Anonymous
    May 04, 2004
    It was not really a rant. It was sort of tongue-in-cheek. I do think security is serious, I just think the types of mistakes that most commonly lead to security holes is just stupid programmers! :-)

  • Anonymous
    May 05, 2004
    In defense, there are no stupid programmers... just misinformed ones..