Sam's Comments on the latest Windows Security Holes

Sam pretty much says it as it is ...

I am not naive enough to think that millions of lines of unmanaged C++ code won't have buffer overruns in *any* OS (all C/C++ based OS like Linux, Mac, etc will have buffer overruns too), but the disconcerting news is that it also occured in Win2K3. I had just sold management in the company I am clienting for on the ability of W2K3 to avoid these, with the line that during the Windows Security Push, all 9,000+ Windows developers stopped and poured over essentially every line of Windows code remove these kinds of situations and make W2K3 the most secure OS. Now two of these in the last month.

I couldn't agree more ... Just yesterday, I had a discussion with the CTO of a current client. He's a 20+ year industry veteran and he was wondering why Microsoft hadn't stopped in their tracks and underwent some massive code reviews to get rid of the problem for once and for all. It felt pretty stupid to acknowledge that supposedly that happened last year and delayed the Win 2k3 ship schedule by several months. Now I wonder how bad it would have been if they hadn't done this.

Anyway, this is as bad as it can be and it needs to stop! It's getting impossible to make a point for Microsoft and Win 2k3. Microsoft: Do what you have to do, but do it. I can't take the whole “Trustworthy Computing“ thing serious at this point.