Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Reverse engineering patches making disclosure a moot choice?
Robert Lemos, SecurityFocus 2005-07-01

When Microsoft released limited information on a critical vulnerability in Internet Explorer last month, reverse engineer Halvar Flake decided to dig deeper.

Comments Mode:
Reverse engineering patches making disclosure a moot choice? 2005-07-06
Anonymous (1 replies)
"...SABRE Security's Flake."

Great name... are we supposed to adhere to findings by analysts such as that?...

[ more ]  [ reply ]
Re: Reverse engineering patches making disclosure a moot choice? 2005-07-08
Anonymous
What's in a name? 0day by any other name smell as sweet......

[ more ]  [ reply ]
Write code correctly the first time 2005-07-07
Karen (1 replies)
The disclosure debate is pointless. If software was written correctly to begin with, there would not be a need for security patches and hence no worries about reverse engineering.

Funny the article does not mention that!

Perhaps it is because software developers cannot write good enough code t...

[ more ]  [ reply ]
Re: Write code correctly the first time 2005-07-11
Anonymous (1 replies)
I agree. Writing code that is "good enough" to put on store shelves and releasing patches over time to fix bugs that are discovered in the future may be a cheaper strategy, but I would think this would be the case only initially. Financial losses that result from exploited vulnerabilities range in t...

[ more ]  [ reply ]
Re: Re: Write code correctly the first time? 2005-07-12
David (1 replies)
Perfect code will be written as soon as we have perfect people. Till then, there will be flaws and patches. As people write more secure code, the attacks will only become more complex. "Secure enough" depends on where you draw the line, perhaps using a cost-benefit analysis....

[ more ]  [ reply ]
Re: Re: Re: Write code correctly the first time? 2005-10-14
Software Engineer
To test it's effectiveness, I reverse engineer my own company's digital filing security solution, and I tend to agree with David. Our core programmers have to make patches for things that didn't start out as an exploitable weakness. As our coders get better I get better, and potential hackers get ...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus