More about Netscape Bug finder
Mike Duvos
enoch at zipcon.net
Mon Jun 16 22:13:00 PDT 1997
A few comments...
Almost every non-trivial program which runs on a platform which does not
shield the OS from applications can be subverted to give access to the
target machine.
This is hardly news. The fact that a determined Dane with a debugger
managed to poke through the code and break something is neither
earth-shattering nor remarkable.
In something the size of Netscape, I'm sure 999,999 exploits still remain.
The company is hardly going to start writing checks every time someone
finds one of them.
Until all application software runs on secure virtual machines, or passes
bytecode verification and formal proofs of correctness, this problem will
continue to exist, not only in Netscape, but in every other large
application as well.
Big Yawn.
--
Mike Duvos $ PGP 2.6 Public Key available $
enoch at zipcon.net $ via Finger. $
More information about the cypherpunks-legacy
mailing list