February 18th, 2005, 10:27 AM
#18
Hi Soda~,
I would agree with sec_ware on this one.
I think definitively by design. As an OS developer you could design to control what a program is able to do.
Code is basically language, and I am not aware of any language that contains security flaws per se. It is how the language (code) is used that causes the potential for weakness.
Now, it is conceivable that a coding error could cause a vulnerability. A crude analogy would be a night latch installed wrong way round, such that the latch mechanism is on the outside of the door. Any passer-by could see that and operate the mechanism to open the door.
In the case of applications and OS code, there tends to be rather a lot of it, and the source is frequently not available, which leaves discovering a code-based weakness very much to chance (with a low probability, given the volume and complexity of the code).
In the case of open source, a coding error would be spotted and corrected very quickly, which leads me to suggest that one of the factors in your model should be the presence of and adherence to coding standards; and the rigorousness of the testing and QA processes.
Design faults are a totally different scenario, as the potential attacker can see what the product does and have a good idea of how it works. They can then determine potential holes and probe for them. In this case it does not matter how well the product is coded, as the flaw is in the design.
Over twenty-five years ago I can remember a colleague commenting: "700 man-years in developing the product, and half a man-day in thinking about security" (it was an IBM product)
So my conclusion is that design, and a commitment to build in security from the outset is paramount.
Just my thoughts................