Secure Coding mailing list archives
RE: Re: Application Insecurity --- Who is at Fault?
From: "Chris Matthews" <cmatthews () xn com>
Date: Mon, 11 Apr 2005 20:57:49 +0100
Dave Paris wrote:
> It's also much more likely that the "foreman" (aka programming manager) told the builder (programmer) to take shortcuts to meet time and budget - rather than the programmer taking it upon themselves to be sloppy and not follow the specifications.

I'd note that there is the question "if the programmer was given an undefined time period in which to deliver said software, would they be able to deliver code that is free of 'mechanical' (buffer overflows, pointer math bugs, etc) bugs?".

Additionally, as an industry, we will only really have the answer to the above question when the programming managers allocate a programmer the time to truly implement specifications in a "mechanically secure" way.

But I agree with the premise that a programmer cannot be held accountable for (design) decisions that were out of his control. He can only be accountable for producing "mechanically" correct behaviour.

-Chris

(Note that references to "mechanical" bugs are ones that really are within the programmer's realm to avoid, and include language specific and language agnostic programming techniques.)