Security Basics mailing list archives
Re: Writing secure code
From: Michael Boman <michael.boman () securecirt com>
Date: Tue, 24 Dec 2002 06:13:09 +0800
On Sat, Dec 21, 2002 at 07:19:42PM +0530, Rahul Chander Kashyap wrote:
Hi people, I've been going through some articles on how to write secure code esp. from: http://www.shmoo.com/securecode/ I am looking for something more specific for the windows platform. Are there any specific guidelines/standards that one could follow? And one more thing...<this one might be intresting ;-)> Is it possible to write code that is completely secure and not exploitable?
Sure, except you _very_ seldom write all code. What if there is a bug in the libraries or operating system your software runs on? Take a look at the OpenBSD project. They have audited a great deal of the source code of the system (both OS and applications, something I don't think you can do on a proparity platform. Let's leave it at that, I hate OS wars. Security is in the hands of the administrator), yet every so often they detect bugs that has been undiscovered in previous audits. So in theory it is possible to have a system that has no bugs, but in practice it's much much harder. Best regards Michael Boman -- Michael Boman Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd) http://www.securecirt.com
Attachment:
_bin
Description:
Current thread:
- Writing secure code Rahul Chander Kashyap (Dec 23)
- Re: Writing secure code Michael Boman (Dec 23)
- Re: Writing secure code Pablo Gietz (Dec 27)
- <Possible follow-ups>
- Re: Writing secure code Chris Berry (Dec 24)