"Sure, the SQL server shouldn't have been vulnerable -- but with hundreds of products comprising billions of lines of code, should Microsoft be required to discover and prevent every single vulnerability before releasing the product?"

The pure and simple answer is YES!

Using your automobile analogy, automakers are responsible for every little bolt and screw in the vehicle, and they don?t even make them. Yet it is their responsibility to test them and make sure they will do there job without failing. Software companies should be held as responsible for the code they write. People?s lives are in as much danger with bad code as they are with bad screws.

It doesn?t matter how many billions of lines of code or even if it were trillions of lines. It isn?t developed that way. It is developed one procedure at a time and it is not hard to test a single procedure for buffer overflows. No what is happening is laziness and negligence. As well as worrying too much about the bottom dollar and not at all about what quality of product they sell.

Enough said.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/141/18091#18091