The road to managed code

On June 6, Microsoft posted security bulletin MS02-026, titled "Unchecked Buffer in ASP .Net Worker Process." Tongues immediately began to wag. Wasn't .Net supposed to prevent this sort of thing? It's true that managed code avoids the buffer overflows that trigger so many security snafus. But the ASP .Net engine, a .Net component, is not itself written wholly in managed code, and the security flaw was in an unmanaged function. Work was "currently under way," the bulletin said, "to migrate all functions over to the .Net Framework." That migration is an epic journey that makes the trip from 16-bit to 32-bit code look like a weekend jaunt. [ full story at InfoWorld.com ]


Former URL: http://weblog.infoworld.com/udell/2002/08/03.html#a363