Secure Coding mailing list archives
Re: Re: Application Insecurity --- Who is at Fault?
From: "Carl G. Alphonce" <alphonce () cse Buffalo EDU>
Date: Tue, 12 Apr 2005 04:13:36 +0100
On Monday April 11, 2005, Damir Rajnovic wrote:

> On Mon, Apr 11, 2005 at 12:21:30PM +1000, Michael Silk wrote:
>
>> Back to the bridge or house example, would you allow the builder to leave off 'security' of the structure? Allow them to introduce some design flaws to get it done earlier? Hopefully not ... so why is it allowed for programming? Why can people cut out 'security' ? It's not extra! It's fundamental to 'programming' (imho anyway).
>
> Even builders and architects do experiment and introduce new things. Not all of these are outright success. We have a wobbly bridge in UK and there is (was) new terminal at Charles de Gaulle airport in Paris. Every profession makes mistakes. Some are more obvious and some not. I am almost certain that architects can tell you many more stories where things were not done as secure as they should have been. Comparisons can be misleading.
Indeed. I am fairly certain that there are numerous examples of buildings which were properly designed yet were built differently. I can't believe that builders never use different materials than are called for in the plans, and that they never make on-site adjustments to the plans to accommodate last-minute customer requests ("we really want a double sink in the master bath"), etc.

------------------------------------------------------------------------
()  ascii ribbon campaign - against html e-mail
/\
------------------------------------------------------------------------
Carl Alphonce                              [EMAIL PROTECTED]
Dept of Computer Science and Engineering   (716) 645-3180 x115 (tel)
University at Buffalo                      (716) 645-3464 (fax)
Buffalo, NY 14260-2000                     www.cse.buffalo.edu/~alphonce