LAS VEGAS--It's easy now to look back at Microsoft's Windows Vista and berate the company for the operating system's shortcomings, but the truth is far more complex, according to one security researcher. At the second day of the annual Black Hat conference here, Chris Paget, chief hacker at the security company Recursion Ventures, discussed her independent contracting work for Microsoft on Vista prior to its release for the first time. Before Recursion took on the contract, all members of the team that worked on Vista were made to sign non-disclosure agreements that took five years to expire. Chris Paget, talking about her encounters with Windows Vista at Black Hat 2011. masterua. Microsoft hired her team as a final measure to verify that the operating system was safe to ship. The move was so unusual for Redmond that the ongoing company had actually never done it before, said Paget. JogoBox: Gaming museum for the old and abandoned or sweet treasure trove arcade?. There were process and tool improvements. This was the first time that Microsoft brought in an outside team," she said. Her team had to upgrade the hard drive of the test computer that Microsoft sent her before they could even install the operating system, she said with a slightly incredulous laugh. The process was so atypical for Microsoft that they weren't sure what to expect. They expected us to come in and find nothing. Recursion looked at code kernel and the user space but was told not to look at legacy code. Microsoft didn't add legacy code vetting until Windows 7, Paget said. mikajora. They got verification, not remediation." She said that her team was so good at finding critical flaws in Vista code that Vista was actually delayed because of one critical bug she found, and another Microsoft employee referred to them as a "rape gang" because they were beating up Vista so much. Despite the security problems that company and Paget found out in Vista, she had high praise for Microsoft also. She discussed Microsoft's bug track system and how Microsoft's own security team had created an extensive set of features ranked by risk. buddyfilecloud here. Risk, she said, was defined as whether the feature required credentials. If you had to enter a password, like an administrative password, there was a greater risk naturally associated with the feature. So due to Microsoft's work on this end, she was able to start looking at features critically from beginning of the contract. Ipad 2 Movie Download Error'>Ipad 2 Movie Download Error. The experience, she said, showed her that by the time Microsoft had far better procedures in place for security vetting than she would have thought otherwise. Paget said that at home, she's more of a Unix fan and only uses Windows for gaming. World-leading' is entirely appropriate" when discussing Microsoft's security procedures, she said at the start of her talk. Microsoft's security process is spectacular." And toward the end, she reiterated the point. Дежурный Ангел 3 Сезон Смотреть Онлайн Все Серии'>Дежурный Ангел 3 Сезон Смотреть Онлайн Все Серии. If security is a process, not a product, Microsoft deserves a lot of credit. Casino Grand Ru.
0 Comments
Leave a Reply. |