Californian-based software risk management (SRM) provider Cigital Inc has announced the discovery of a design-level flaw in a security feature included in Microsoft's new web-services development tool kit
Visual C++.NET and Visual C++ version 7 compiler, designed as security measure for Microsoft software, will actually leave the software open to attack from hackers, according to Cigital chief technology officer Mr Gary McGraw.
The defect, which leaves executable code built by the compiler vulnerable to a attack, was uncovered in Cigital Labs during testing of Cigital's soon-to-be-released security-assessment product.
The allegedly flawed feature was intended to allow developers to provide greater security to the software they write for Microsoft's new .NET Web services platform, announced by the company on Wednesday.
Specifically enhanced with a feature meant to protect potentially vulnerable source code, the Microsoft compiler is automatically intended to protect software from certain forms of hacking.
However, Cigital said because the protection mechanism itself is susceptible to attack, developers who make use of the feature may come away with a false sense of security and unintentionally discount critical implementation problems.