Re: Writing secure code

From: Michael Boman (michael.boman@securecirt.com)
Date: 12/23/02

    Date: Tue, 24 Dec 2002 06:13:09 +0800
    From: Michael Boman <michael.boman@securecirt.com>
    To: Rahul Chander Kashyap <rahul@nsecure.net>
    
    
    

    On Sat, Dec 21, 2002 at 07:19:42PM +0530, Rahul Chander Kashyap wrote:
    > Hi people,
    >
    > I've been going through some articles on how to write secure code esp.
    > from: http://www.shmoo.com/securecode/
    >
    > I am looking for something more specific for the windows platform. Are
    > there any specific guidelines/standards that one could follow?
    >
    > And one more thing...<this one might be interesting ;-)> Is it possible
    > to write code that is completely secure and not exploitable?

    Sure, except you _very_ seldom write all code. What if there is a bug in
    the libraries or operating system your software runs on? Take a look at
    the OpenBSD project. They have audited a great deal of the source code of
    the system (both OS and applications, something I don't think you can do
    on a proprietary platform. Let's leave it at that, I hate OS wars. Security
    is in the hands of the administrator), yet every so often they detect bugs
    that have been undiscovered in previous audits. So in theory it is possible
    to have a system that has no bugs, but in practice it's much, much harder.

    Best regards
     Michael Boman

    -- 
    Michael Boman
    Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
    http://www.securecirt.com
    
    



