Re: Writing secure code
From: Michael Boman (michael.boman@securecirt.com)
Date: 12/23/02
Date: Tue, 24 Dec 2002 06:13:09 +0800
From: Michael Boman <michael.boman@securecirt.com>
To: Rahul Chander Kashyap <rahul@nsecure.net>
On Sat, Dec 21, 2002 at 07:19:42PM +0530, Rahul Chander Kashyap wrote:
> Hi people,
>
> I've been going through some articles on how to write secure code esp.
> from: http://www.shmoo.com/securecode/
>
> I am looking for something more specific for the Windows platform. Are
> there any specific guidelines/standards that one could follow?
>
> And one more thing...<this one might be interesting ;-)> Is it possible
> to write code that is completely secure and not exploitable?
Sure, except you _very_ seldom write all code. What if there is a bug in
the libraries or operating system your software runs on? Take a look at
the OpenBSD project. They have audited a great deal of the source code of
the system (both OS and applications, something I don't think you can do
on a proprietary platform. Let's leave it at that, I hate OS wars. Security
is in the hands of the administrator), yet every so often they detect bugs
that have been undiscovered in previous audits. So in theory it is possible
to have a system that has no bugs, but in practice it's much, much harder.
Best regards
Michael Boman
-- Michael Boman Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd) http://www.securecirt.com