Sunday, January 26, 2003

A Modest Proposal

No one seems that surprised that the MS SQL Worm could exist, and it’s popular to blame Microsoft and the server administrators who use SQL Server. If Microsoft would stop writing buggy software… If the admins had installed the update… If Microsoft had made the update easier to install… Well, I’m inclined to cut Microsoft some slack here. They didn’t screw up on purpose, and they’re not incompetent. Open source software isn’t free of security flaws, either.

It seems that no matter how carefully software is designed and reviewed, people will always be able to find security holes. That is why critical software like this should not be coded in unsafe languages such as C. I’ve read that more than half of all security holes are caused by buffer overflow bugs. Buffer overflows are not possible in a safe language. The solution is not to expect programmers to write bug-free code. We’ve already seen that this is practically impossible for humans to do, unless time and cost are not factors. Instead, we should give these programmers better tools that prevent these classes of errors.

Comments RSS · Twitter

Leave a Comment