Security Basics mailing list archives

Re: Writing secure code


From: Michael Boman <michael.boman () securecirt com>
Date: Tue, 24 Dec 2002 06:13:09 +0800

On Sat, Dec 21, 2002 at 07:19:42PM +0530, Rahul Chander Kashyap wrote:
> Hi people,
>
> I've been going through some articles on how to write secure code esp.
> from: http://www.shmoo.com/securecode/
>
> I am looking for something more specific for the windows platform. Are
> there any specific guidelines/standards that one could follow?
>
> And one more thing...<this one might be interesting ;-)>  Is it possible
> to write code that is completely secure and not exploitable?

Sure, except you _very_ seldom write all code. What if there is a bug in
the libraries or operating system your software runs on? Take a look at
the OpenBSD project. They have audited a great deal of the source code of
the system (both OS and applications, something I don't think you can do
on a proprietary platform. Let's leave it at that, I hate OS wars. Security
is in the hands of the administrator), yet every so often they detect bugs
that have been undiscovered in previous audits. So in theory it is possible
to have a system that has no bugs, but in practice it's much, much harder.

Best regards
 Michael Boman

-- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
