Secure Coding mailing list archives
Re: Variable comparisons
From: Dave Aronson <securecoding () dja mailme org>
Date: Wed, 03 Dec 2003 17:35:15 +0000
On Tue December 2 2003 15:16, Chris Richards wrote:
I may actually buy this book. Despite the fact that it is from Microsoft. :-)
Actually, from the much I've read *about* them and little I've read *of* them, Microsoft Press books tend to be pretty good! Some theorize that the documentation that ships with MS products is so bad, in order to get you to buy the MS Press books about the product. However, since the ones on SE often contain excellent advice on robustness, security, etc., that MS obviously does not follow, there may be a clear separation between the software and book lines of business. B-)/2
it is far cheaper to design a problem out of a product than it is to test a problem out of a product. It seems to me that a large part of the software industry has yet to figure this out; it doesn't seem to get taught to the young people coming out of University,
It was taught to me in 1983, and I've seen it in professional periodicals (usually as a basic axiom, used to support something else) frequently since then. Maybe it's not taught *any more*, but I very much doubt it, as awareness of the importance of design (vs. sit down and hack it out) seems to have only increased since then. Unfortunately, this is only well-known THEORY, and rarely PRACTICED. The big question is why? My guess is the standard excuse of schedule pressure, plus a desire to get quickly to what so many consider the fun part, the coding. Any others? -- Dave Aronson, Senior Software Engineer, Secure Software Inc. (Opinions above NOT those of securesw.com unless so stated!) Email me at: work (D0T) 2004 (@T) dja (D0T) mailme (D0T) org Web: http://destined.to/program http://listen.to/davearonson
Current thread:
- Variable comparisons David A. Wheeler (Dec 03)
- <Possible follow-ups>
- Re: Variable comparisons der Mouse (Dec 03)
- Re: Variable comparisons Dave Aronson (Dec 03)
- Re: Variable comparisons Martin Stricker (Dec 03)
- Re: Variable comparisons Danny Smith (Dec 03)
- Re: Variable comparisons Bob Toxen (Dec 03)
- Re: Variable comparisons Wietse Venema (Dec 05)
- Re: Variable comparisons Florian Weimer (Dec 06)
- Re: Variable comparisons Peter G. Neumann (Dec 03)
- Re: Variable comparisons Peter G. Neumann (Dec 07)