RE: Writing Secure code

From: Jeremy Epstein (jepstein@webmethods.com)
Date: 12/27/02

    From: "Jeremy Epstein" <jepstein@webmethods.com>
    To: "Rahul Chander Kashyap" <rahul@nsecure.net>, <secprog@securityfocus.com>
    Date: Fri, 27 Dec 2002 12:46:05 -0500
    
    

    > And one more thing...<this one might be interesting ;-)> Is it possible
    > to write code that is completely secure and not exploitable?

    Yes.

    #include <stdlib.h>
    int main(void) { exit(0); }

    is completely secure and not exploitable. Beyond that, you're on your own
    :-)

    I think what you really mean is "is it possible to write code THAT DOES
    SOMETHING USEFUL that is completely secure and not exploitable". In
    general, the answer is "no". Any program of even moderate complexity, by
    today's standards, includes so much baggage that it's impossible to say with
    absolute certainty that it's secure. Even if there are no vulnerabilities in
    your code, the stuff you drag in (e.g., DLLs) is highly likely to have
    problems.

    --Jeremy