[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Isn't this flogging a dead horse? http://www.microsoft.com/security/bluehatprize/ ... to tackle memory safety vulnerabilities.... Well Windows Vista has ASLR, NX Execution if hardware supports it, software DEP (i.e. machine code validation), and no doubt various other little features, and memory safety is still a big issue.... I'm sure one could enhance the machine code validation, and this is likely to be a route to the prize, and if you can reimplement memory allocation you might be able to add some more features. However at some point we probably ought to do what the DOD did a long time ago (and vaguely abandoned for some purposes) and switch to programming in languages which either do runtime checking, or are easier to validate. Validation seems like the smart route to me, since then you don't sacrifice performance, and then we can probably eradicate some of these other checks (which do impact performance, be it ever so marginal by the standards of when these languages were invented). What we need is a programming language like C and C++ which has good validation features, and less of the problem features. Hmm surely someone has invented one of those already ;) Still if you want a fun problem, try taking the Android approach to Windows - it will break a lot of existing code - but it offers some vague chance of a prize that if you win might cover a fraction of your costs. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq