RE: Writing Secure code
From: Jeremy Epstein (jepstein@webmethods.com)
Date: 12/27/02
- Previous message: John Viega: "Re: Writing Secure code"
- In reply to: Rahul Chander Kashyap: "Writing Secure code"
- Next in thread: Valdis.Kletnieks@vt.edu: "Re: Writing Secure code"
- Reply: Valdis.Kletnieks@vt.edu: "Re: Writing Secure code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Jeremy Epstein" <jepstein@webmethods.com> To: "Rahul Chander Kashyap" <rahul@nsecure.net>, <secprog@securityfocus.com> Date: Fri, 27 Dec 2002 12:46:05 -0500
> And one more thing...<this one might be interesting ;-)> Is it possible
> to write code that is completely secure and not exploitable?
Yes.
main() { exit(0); }
is completely secure and not exploitable. Beyond that, you're on your own
:-)
I think what you really mean is "is it possible to write code THAT DOES
SOMETHING USEFUL that is completely secure and not exploitable". In
general, the answer is "no". Any program of even moderate complexity, by
today's standards, includes so much baggage that it's impossible to say with
absolute certainty that it's secure. Even if there's no vulnerabilities in
your code, the stuff you drag in (e.g., DLLs) is highly likely to have
problems.
--Jeremy
- Next message: Valdis.Kletnieks@vt.edu: "Re: Writing Secure code"
- Previous message: John Viega: "Re: Writing Secure code"
- In reply to: Rahul Chander Kashyap: "Writing Secure code"
- Next in thread: Valdis.Kletnieks@vt.edu: "Re: Writing Secure code"
- Reply: Valdis.Kletnieks@vt.edu: "Re: Writing Secure code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
