Posted on 08/14/2003 8:01:33 AM PDT by TechJunkYard
Scott Charney, chief security strategist at Microsoft, told developers at the TechEd 2003 conference in Brisbane that information collected by Dr Watson, the company's reporting tool, revealed that "half of all crashes in Windows are caused not by Microsoft code, but third-party code".
Charney's comments come as the company highlights the rigour with which it tests its own products before release. Microsoft emphasised that products such as Yukon and Exchange Server were undergoing thorough testing -- both internally and via independent third parties -- prior to their release to the market.
The company is employing root cause analysis and event sequence analysis procedures to scrub out the creation of sloppy code. The result is that individual developers have a high degree of accountability for the code they produce, while the systems and processes associated with code development are rigorously monitored.
Root cause analysis enables the company to check closely the work of individual developers. "If a developer has written vulnerable code, then we look at what else that developer has written and check it," Charney said.
Event sequence analysis takes this further, analysing the reasons why the vulnerable code was written. Charney said the aim was not necessarily to sack whoever is writing vulnerable code, but to find out the reasons why and how Microsoft can improve its staff with training or more efficient processes.
As Charney made his remarks, Charles Sturt University announced they would be offering a Master of Information Systems Security degree including MCSE:Security industry certification.
Charney also reinforced Microsoft's message to developers and network administrators that they needed to build secure applications and networks "from the ground up".
The chief security strategist's remarks have come at an unfortunate time, as mainstream and niche media outlets produce heavy coverage of the impact of the MSBlast worm, which has infiltrated corporate and enterprise networks worldwide.
Brendon Chase travelled to Tech Ed as a guest of Microsoft.
Then again, depending on the meaning of the word "crash" of course, considering that operating systems should not actually allow applications to "crash" them, maybe all of the "crashes" are the fault of Microsoft code?
It's hard enough to idiot-proof a computer program so people clicking on the GUI interface can't screw it up if they do something really dumb--can you imagine how hard it would be to accomplish idiot-proofing an OS from applications that interact with it in a much more complicated manner? In any case, the vast majority of the time a program crashes on me, it doesn't crash my computer.
Now that is some spin. As you pointed out, looking at it the other way shows that Microsoft code is responsible for half of Windows crashes. If I had ever thought about it before, I would have expected a much lower (Microsoft) percentage than 50%.
It can't. That's the app's fault. But the OS can and should prevent a rogue app from taking the whole system down with it.
And I have seen this happen with Win2000.
An OS can't prevent that, of course. In fact, Microsoft has included several features in the OS that many developers don't use. So many problems in user space would be solved if people used smarter memory management techniques and installed unhandled exception handlers, all very straightforward, if not downright easy.
Yup... it's been done. OS/370, OS/390, OS/400. They don't crash unless the system operator wants them to crash.
As a matter of fact, I should probably re-boot that SQL server sometime this year.
On the other hand, my gaming machine crashes once or twice a week but considering how I have the FSB and Radeon 9700 overclocked, I'm practically begging for it to lock up. Mostly, I'm just surprised it isn't actually on fire.