2004-03-17
It only takes a 12KB virus for total system compromise and a highly effective spam engine. Anyone can make one. Some assembly required.
The 12kb Bomb
Anonymous (1 replies)

In writing an operating system, millions of lines of code or not, there are potentially thousands of points of vulnerability, but during its development those points should be covered (checking input string size, buffer size, etc.). In the Empire State building analogy, the general public (or the dog or explosives) does not have access to the central support structures of the building. They are protected by the security guards, concrete doors with locks, etc. However, it may still be possible to find holes in the building security and exploit them.
It's unfair (even if it is Micro$oft), if not impossible, to expect anyone to write feature-rich operating system code in ten thousand lines (as one measure of dramatic reduction), let alone millions, and then to further expect there to be 100% impenetrability. In theory, and with a little bit of research and planning, I could steal an employee's badge (thus piggybacking/bypassing a security feature), go into the printing offices of the New York Times (gaining access to the core systems) and cut the paper feed to the printing press (a multi-million dollar machine with thousands of parts) with a five-cent plastic butter knife. I could bring the printing process to a halt. I'm sure the New York Times would have any number of measures in place to prevent my doing that. However, it does illustrate how, with a little planning, opportunity, and a simple object, one can bring a core system to its knees.
Link to this comment: http://www.securityfocus.com/comments/columns/228/25418#25418