WebApp Sec mailing list archives

Re: Code Complexity vs. Security


From: David King <davewking () gmail com>
Date: Sat, 24 Jul 2004 23:59:01 -0600

I remember there was a section on this near the
beginning of the book "Exploiting Software: How to Break Code" (Greg
Hoglund and Gary McGraw).  If I remember right they cite a couple of
studies and they seem to believe the number of lines of code is
one of the best indicators of the number of bugs the software will
have.

Dave King
www.thesecure.net

On Sat, 24 Jul 2004 20:36:07 -0600, David King <davewking () gmail com> wrote:
I remember in the book "Exploiting Software: How to Break Code" (Greg
Hoglund and Gary McGraw) there was a section on this near the
beginning of the book.  If I remember right they cite a couple of
studies and they seem to believe the number of lines of code is
one of the best indicators of the number of bugs the software will
have.

Dave King
www.thesecure.net



On Fri, 23 Jul 2004 21:25:20 +0000, Gunnar Peterson
<gunnar () arctecgroup net> wrote:
Dan Geer's Blackhat Windows keynote talk last January charted lines of code
against vulnerabilities over time. LOC is not complexity per se, but it is an
indicator.



Quoting Mark Curphey <mark () curphey com>:

Has anyone seen any good studies that analytically compare the security
quality of code to code complexity ?
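Added example, not part of the thread and not taken from the book or talk mentioned above: the discussion treats lines of code as a rough proxy and cyclomatic complexity as the thing it approximates, so this script computes both per function for a Python module (physical lines, logical statements, McCabe complexity) and ranks functions so the most complex ones can be prioritised for review. It uses only the standard library `ast` module and needs Python 3.8 or later for `end_lineno`. The source being measured is a constructed sample embedded inline; all function names and the review threshold are my own assumptions.

```python
"""Rank the functions of a Python module by size and cyclomatic complexity.

Added example: a cheap way to turn "LOC is an indicator" into a per-function
review-priority list.  Not from the original thread.
"""
import ast
from dataclasses import dataclass


@dataclass
class FunctionMetrics:
    name: str
    lines: int        # physical lines spanned by the def, including its body
    statements: int   # logical statements (a LOC measure that ignores layout)
    complexity: int   # McCabe cyclomatic complexity: 1 + decision points


class _ComplexityVisitor(ast.NodeVisitor):
    """Count statements and decision points below one function definition.

    Nested functions are counted as part of their enclosing function.
    """

    def __init__(self):
        self.branches = 0
        self.statements = 0

    def generic_visit(self, node):
        if isinstance(node, ast.stmt):
            self.statements += 1
        # Each of these adds one more path through the function.
        if isinstance(node, (ast.If, ast.For, ast.AsyncFor, ast.While,
                             ast.ExceptHandler, ast.IfExp)):
            self.branches += 1
        elif isinstance(node, ast.BoolOp):
            # `a and b and c` short-circuits twice: two decision points.
            self.branches += len(node.values) - 1
        elif isinstance(node, ast.comprehension):
            # The loop itself plus each `if` filter in the comprehension.
            self.branches += 1 + len(node.ifs)
        super().generic_visit(node)  # recurse into children


def measure_function(fn):
    """Compute metrics for one FunctionDef / AsyncFunctionDef node."""
    visitor = _ComplexityVisitor()
    for stmt in fn.body:          # visit the body only, not the def itself
        visitor.visit(stmt)
    lines = fn.end_lineno - fn.lineno + 1
    return FunctionMetrics(fn.name, lines, visitor.statements,
                           1 + visitor.branches)


def rank_functions(source):
    """Return FunctionMetrics for every function, most complex first."""
    tree = ast.parse(source)
    funcs = [n for n in ast.walk(tree)
             if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef))]
    return sorted((measure_function(f) for f in funcs),
                  key=lambda m: (m.complexity, m.statements), reverse=True)


def review_priority(source, complexity_threshold=5):
    """Names of functions whose complexity exceeds the (assumed) threshold."""
    return [m.name for m in rank_functions(source)
            if m.complexity > complexity_threshold]


# Constructed sample module: one trivial function and one with several
# branches, so the ranking has something to separate.
SAMPLE_SOURCE = '''
def parse_header(line):
    name, _, value = line.partition(":")
    return name.strip(), value.strip()

def check_request(headers, allowed_hosts, max_len):
    if "Host" not in headers or not headers["Host"]:
        return False
    host = headers["Host"]
    if host not in allowed_hosts and not host.endswith(".internal"):
        return False
    for name, value in headers.items():
        if len(value) > max_len:
            return False
        try:
            value.encode("ascii")
        except UnicodeEncodeError:
            return False
    return True
'''


if __name__ == "__main__":
    for m in rank_functions(SAMPLE_SOURCE):
        print(f"{m.name:15s} lines={m.lines:3d} stmts={m.statements:3d} "
              f"complexity={m.complexity}")
    print("review first:", review_priority(SAMPLE_SOURCE))
```

Running it on the sample ranks `check_request` (complexity 8, 12 statements) above `parse_header` (complexity 1, 2 statements). The two numbers are only loosely correlated with size, which is the point the thread makes: LOC is easy to get and tracks defect counts, but the branch count is what actually says where the review effort should go.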



