Software CAN be securely developed; consider VMS.

Microsoft's apologists routinely claim that countless security holes
are just natural, to be expected, inevitable (and so on).

A counterexample is all one needs to demonstrate that this is self-serving
nonsense, and that Microsoft need look no further than its internal
culture for an explanation of the problems it has introduced into the
world by publishing carelessly written, poorly debugged software.

Let me suggest VMS as such an example. While it too had numerous
security holes in the early 80s, that was an era when networking was
far from the norm and when not much was expected. More recently the
OS has had remarkably few holes. (It was recently judged "cool" and
"unhackable" at DEFCON 9 btw.)

The reason for this is care in construction. In VMS Engineering, there
is something called Life of a Project which specifies how changes are
made. First there is the investigation report, which must be defended
before a meeting of any affected groups. Repeats of such meetings are
not uncommon. At the meetings, people look at the code proposed and
design schemes, and ask questions about security effects and about
data integrity. The design goes no further if holes are being introduced.
Then comes the design spec and the functional spec, which must also
be defended before meetings of usually more groups. Again, security
questions get asked. Finally there are code reviews and tests. The
culture is that security holes or data corruptors are showstopper class
bugs and must be fixed. This leads to everyone considering such issues,
since nobody likes to have his work show up with problems.

An example issue could be whether new tape fileskipping functions
had security relevance. Turns out they do, with some tape management
systems, an issue which delayed the proposed change. But the system
came out with the new functions, and without adding security problems
in doing them.

Occasional mistakes do occur there, and rather more of them have
been found internally by the developers before anyone outside noticed
than have been reported externally. Still, the number of such is well
below systems like Windows, where no such process exists, and below
systems like Unix, which had years of early development during which
security was not an issue. The major Unix shops today realize there
are issues and have addressed many. Microsoft seems not to have a
development group concerned with this, though, and while its security
group is, the security group's concerns appear not to have penetrated
into the rest of the culture.

VMS is not the only secure OS out there; I just happen to have encountered
the culture of its developers and don't believe you can get a decently
secure system unless the developers look for security issues and
ask one another about them as a matter of routine. (I would suggest
that OS/400 could be another fertile place to look for
industrial-strength security. IBM has understood such for a long time.)
[3164 byte] By [G.Dinosaur] at [2007-11-9 23:51:57]

# 1 Re: Software CAN be securely developed; consider VMS.
and VMS was never connected to the 'net!! that said, the internal process
is changing at MSFT, the group of which i am a member is charged with beefing
up the security process, and we are making great strides in improving things,
which is good for everyone. the most important aspect of what we do is make
sure we learn from past mistakes. and this has been taken as a critical doctrine.
stuff that we've learned is available in Writing Secure Code http://www.microsoft.com/mspress/books/5612.asp
"G.Dinosaur" <GD@gce.com> wrote:
>
>Microsoft's apologists routinely claim that countless security holes
>are just natural, to be expected, inevitable (and so on).
>
>A counter example is all one needs to demonstrate that this is self serving
>nonsense, and that Microsoft need look no further than its internal
>culture for an explanation of the problems it has introduced into the
>world by publishing carelessly written, poorly debugged software.
>
>Let me suggest VMS as such an example. While it too had numerous
>security holes in the early 80s, that was an era when networking was
>far from the norm and when not much was expected. More recently the
>OS has had remarkably few holes. (It was recently judged "cool" and
>"unhackable" at DEFCON 9 btw.)
>
>The reason for this is care in construction. In VMS Engineering, there
>is something called Life of a Project which specifies how changes are
>made. First there is the investigation report, which must be defended
>before a meeting of any affected groups. Repeats of such meetings are
>not uncommon. At the meetings, people look at the code proposed and
>design schemes, and ask questions about security effects and about
>data integrity. The design goes no further if holes are being introduced.
>Then comes the design spec and the functional spec, also which must
>be defended before meetings of usually more groups. Again, security
>questions get asked. Finally there are code reviews and tests. The
>culture is that security holes or data corruptors are showstopper class
>bugs and must be fixed. This leads to everyone considering such issues,
>since nobody likes to have his work show up with problems.
>
>An example issue could be whether new tape fileskipping functions
>had security relevance. Turns out they do, with some tape management
>systems, an issue which delayed the proposed change. But the system
>came out with the new functions, and without adding security problems
>in doing them.
>
>Occasional mistakes do occur there, and rather more of them have
>been found internally by the developers before anyone outside noticed
>than have been reported externally. Still, the number of such is well
>below systems like Windows, where no such process exists, and below
>systems like Unix, which had years of early development during which
>security was not an issue. The major unix shops today realize there
>are issues and have addressed many. Microsoft seems not to have a
>development group concerned with this, though, and while its security
>group is, the security group's concerns appear not to have penetrated
>into the rest of the culture.
>
>VMS is not the only secure OS out there; I just happen to have encountered
>the culture of its developers and don't believe you can get a decently
>secure system unless the developers look for security issues and
>ask one another about them as a matter of routine. (I would suggest
>that OS/400 could be another fertile place to look for industrial
>strength security. IBM has understood such for a long time.)
# 2 Re: Software CAN be securely developed; consider VMS.
Hogwash!
"Michael Howard" <mikehow@microsoft.com> wrote in message
news:3bd5f6bf$1@news.dev-archive.com...
>
> and VMS was never connected to the 'net!!
[..] snip
# 3 Re: Software CAN be securely developed; consider VMS.
i knew someone would respond :-)
so name 20 web sites running VMS on the Internet...!
"Don Bevis" <dbweb1@premiersi.com> wrote:
>Hogwash!
>
>
>"Michael Howard" <mikehow@microsoft.com> wrote in message
>news:3bd5f6bf$1@news.dev-archive.com...
>>
>> and VMS was never connected to the 'net!!
>[..] snip
>
>
# 4 Re: Software CAN be securely developed; consider VMS.
>>so name 20 web sites running VMS on the Internet...!
...that are not affiliated with digital or the vms community, they don't
count!!
"Michael Howard" <mikehow@microsoft.com> wrote:
>
>i knew someone would respond :-)
>
>so name 20 web sites running VMS on the Internet...!
>
>"Don Bevis" <dbweb1@premiersi.com> wrote:
>>Hogwash!
>>
>>
>>"Michael Howard" <mikehow@microsoft.com> wrote in message
>>news:3bd5f6bf$1@news.dev-archive.com...
>>>
>>> and VMS was never connected to the 'net!!
>>[..] snip
>>
>>
>
# 5 Re: Software CAN be securely developed; consider VMS.
1. http://liftoff.msfc.nasa.gov/home/server/server.html
2. http://kcgl1.eng.ohio-state.edu/www/doc/serverinfo.html
3. http://www.mrs.umn.edu/cs/Newsletters/fall01/www.shtml
4. http://www.marquette.edu/studentlife/organizations.html
5. http://mail-index.netbsd.org/port-vax/1997/07/04/0000.html
6. http://web.upstate.edu/ons/webserver.html
7. http://notebook.ifas.ufl.edu/internet.htm
8. http://www.mctel.fr/spd_euroweb_en.html
9. http://www.iit.edu/departments/cns/computers.html
10. http://www.acs.fau.edu/Training/downloads/Wise%20Developers%20Session.pdf
11. http://www.wcu.edu/cc/OnlineRes/infosheets/pers-web.html
12. http://www.ciac.org/ciac/bulletinsByType/vndr_vax_sys_bulletins.html
13. http://www.uc.edu/ucitnow/winter_99/webservice.html
14. http://uhaweb.hartford.edu/www/index_howto.html
15. http://cal.bemidji.msus.edu/english/morgan/courses/en396/WWWVaxDirectory.html
16. http://web.upstate.edu/ons/websteps.html
17. http://www.lns.cornell.edu/~pvhp/vms-web.html
18. http://publish.bsu.edu/tliu/faq/
19. http://notebook.ifas.ufl.edu/intranet.htm
20. http://www.wmich.edu/etti/etti99/prep.html
There's more, but this completes the assignment...
"Michael Howard" <mikehow@microsoft.com> wrote in message
news:3be95d0c@147.208.176.211...
>
> >>so name 20 web sites running VMS on the Internet...!
>
> ..that are not affiliated with digital or the vms community, they don't
> count!!
>
>
> "Michael Howard" <mikehow@microsoft.com> wrote:
> >
> >i knew someone would respond :-)
> >
> >so name 20 web sites running VMS on the Internet...!
> >
> >"Don Bevis" <dbweb1@premiersi.com> wrote:
> >>Hogwash!
> >>
> >>
> >>"Michael Howard" <mikehow@microsoft.com> wrote in message
> >>news:3bd5f6bf$1@news.dev-archive.com...
> >>>
> >>> and VMS was never connected to the 'net!!
> >>[..] snip
> >>
> >>
> >
>
