Crispin Cowan wrote:
> Do you suppose it is because of the different techniques researchers use
> to detect vulnerabilities in source code vs. binary-only code? Or is
> that a bad assumption because the hax0rs have Microsoft's source code
> anyway? :-)

I'm in the process of hiring an outside firm for security review of the
product for the day job. They didn't seem particularly interested in the
source, the binaries are sufficient. It appears to me that the
distinction between source and object is becoming a bit moot nowadays.

Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -
SC-L is hosted and moderated by KRvW Associates, LLC (
as a free, non-commercial service to the software security community.

Reply via email to