From: Ted Kaczmarek tedkaz@optonline.net
Thanks for the excellent post, no defense experience but dealing with the street side for quite a while now.
I've worked at banks where the developers put the same routines for "ATM withdrawal" in the same scope and access as the "back-end debits/credits." Their attitude is the same: "oh, the system is secured by others."
And when you don't give up, they argue, "oh, it'll push back the release date." Some go as far as talking to management to get an override.
And then they _really_hate_you_ when you modify their code and show how easy it is to actually make secure software, or implement MACs at the system level that do the same thing (but are incompatible with the software). In a nutshell, there are a lot of coders out there that believe their software and routines should access the entire system, no restrictions.
Although UNIX is typically better than Windows, largely because Microsoft's application division still writes code for "Chicago" (including MS IE to date), there are still cases where I can't trust it. And I definitely need to make sure a compromise of one component is well outside the access and scope of a more critical item it uses.
-- Bryan J. Smith mailto:b.j.smith@ieee.org