Dailydave mailing list archives

Re: Value of the [leaked] Windows source


From: Michal Zalewski via Dailydave <dailydave () lists aitelfoundation org>
Date: Wed, 6 Mar 2024 07:14:54 -0700

Not really different from prototyping on the Linux kernel or the
Chromium codebase - pick an old version if you want known bugs... you
don't see a whole lot of that either, and in contrast to Windows, that
wouldn't lead to all kinds of icky questions about ethics, IP, etc.

The thing about most of these tools is that they don't fare well in
large and exotic codebases. What makes sense for a web app is seldom
applicable to a kernel, etc. Starting with the simplest problem of
understanding the sources of untrusted input and potentially dangerous
sinks.

On Wed, Mar 6, 2024 at 6:08 AM Konrads Klints via Dailydave
<dailydave () lists aitelfoundation org> wrote:


Windows XP and Windows 2003 partial source code is out there on GitHub. With such a rich corpus of known
vulnerabilities in those OSes and source code availability, surely there should be an amazing amount of
SAST/semgrep/codeql rules that take as input existing known exploits and then do rules that find similar things, yet
I don't seem to be able to find such projects.

Surely, these two code bases should be the foundation of most good CS/cyber courses - like students finding new bugs,
etc.

Is source code junk?
_______________________________________________
Dailydave mailing list -- dailydave () lists aitelfoundation org
To unsubscribe send an email to dailydave-leave () lists aitelfoundation org
