Question regarding an article from Microsoft Hellas's CEO

Frank Heckenbach frank at
Mon Feb 16 20:46:23 UTC 2004

Recently I wrote:

> Another basic problem [of Microsoft software] is the tendency to
> blur the distinction between executable code and data.

Not to belabour the issue, but I was pleased to see that in the
current issue of "CRYPTO-GRAM" Bruce Schneier, one of the world's
leading security experts, makes the same point:

: Security vulnerabilities aren't like the weather; they don't just
: happen.  They are the result of mistakes: mistakes in the code,
: mistakes in design, or mistakes in specification.  MyDoom spread across
: the Internet because of an enormous vulnerability in e-mail software:
: users are allowed to execute arbitrary e-mail attachments.
: This is a bug.  I know it's generally called a feature, but it's
: not.  It's a design flaw.  It's a huge security vulnerability.  And I
: think it's high time we started calling it that.



Frank Heckenbach, frank at
GnuPG and PGP keys: (7977168E)
