Comments on Errata Security: DLL exploit not a job for secure coding programs
Feed author: David Maynor (updated 2024-01-16T05:48:33.523-05:00)

Comment by David Rook, 2010-08-25T04:18:18.360-04:00:

Hi Marisa,

Nice blog post.

I haven't read too much of the details behind this vulnerability so far but my initial thinking was that Microsoft were to blame and I agree fully with what you are saying.

When it comes to secure development or specifically the scope of the SDL/anyone's SDLC this most definitely would have been outside of it. That said, if Microsoft change their SDL or publish information on how to prevent this in future then the blame for any applications in the future that are vulnerable because of this vulnerability must rest on the shoulders of developers/security professionals.

When I see vulnerabilities like this and business logic flaws in web apps I do wonder whether there is a need for security professionals to think more "maliciously" than we might do at the moment.

David (@securityninja)