From: Mike Duvos <enoch@zipcon.net>
Date: Tue, 17 Jun 1997 13:13:00 +0800
To: cypherpunks@cyberpass.net
Subject: Re: More about Netscape Bug finder
In-Reply-To: <v030209a4afcb8c31bbc6@[139.167.130.246]>
Message-ID: <199706170459.VAA17233@zipcon.net>
MIME-Version: 1.0
Content-Type: text/plain



A few comments... 

Almost every non-trivial program which runs on a platform which does not
shield the OS from applications can be subverted to give access to the
target machine. 

This is hardly news.  The fact that a determined Dane with a debugger
managed to poke through the code and break something is neither
earth-shattering nor remarkable. 

In something the size of Netscape, I'm sure 999,999 exploits still remain. 
The company is hardly going to start writing checks every time someone
finds one of them.

Until all application software runs on secure virtual machines, or passes
bytecode verification and formal proofs of correctness, this problem will
continue to exist, not only in Netscape, but in every other large
application as well.

Big Yawn. 

--
     Mike Duvos         $    PGP 2.6 Public Key available     $
     enoch@zipcon.net   $    via Finger.                      $