Thursday, January 05, 2006

the power of good tools

I was just reading Correctness by Construction: A Manifesto for High-Integrity Software (mentioned on Slashdot) and was reminded of one of the things I miss from working at Microsoft. I gushed about Microsoft's internal tools when discussing profilers, but Microsoft has an impressive set of source-code analysis tools. They have some amazing tools to catch buffer overruns and the like in C/C++ code, that I predict will make Vista and Office 12 some of Microsoft's most stable releases ever. No tool can protect against blatantly insecure design (such as was behind the recent WMF exploits), nor is it realistically possible to use a tool to verify that IE is secure. But I can personally attest that the tools are already doing wonders to reduce the number of missing null checks, off-by-one buffer overflows, and the like, which plague any C/C++ code-base.

If Microsoft plays its cards well, Vista has the potential to be a less buggy, and potentially more secure OS than linux/etc. Vista is still disadvantaged because it has more ancient code that has to be there for backward compatibility, but automatic analysis will find many bugs that code reviews by the open-source hordes may never uncover.

and yet... I still plan to run Mac OS X. Microsoft just can't touch the cleanliness of design that seems so omnipresent on the Mac.

That said, I'm still waiting for the new Mac/Intel laptops. No matter how secure they make the OS, I still love having a real command-line and near infinite set of tools at my fingertips.


Anonymous Anonymous said...

Fortunately some of these tools are available in next DDK version (aka WDK) ;-)

1:34 AM  

Post a Comment

<< Home