Secure Coding mailing list archives
Re: Missing the point?
From: Pascal Meunier <pmeunier () purdue edu>
Date: Tue, 20 Apr 2004 21:54:19 +0100
P.S.: I meant "wise", not "smart" people in my answer below. There are lots of smart people doing unwise things :-). I also meant that without criticism of anyone in particular and more in admiration of people who actually do it successfully ;-)

Cheers,
Pascal

On Apr 20, 2004, at 11:34 AM, Michael A. Davis wrote:

Isn't she missing the point? It is not the source code that is the problem -- it is the developer. Thoughts?

No, it's the processes (training, development, QA, QC, etc...). Everyone makes stupid mistakes. If you rely solely on the developers, expecting them to perform perfectly all the time, you'll be disappointed. Smart people embed safeguards and guarantees into processes, or avoid risky situations altogether (e.g., use another language than "C" to avoid buffer overflows, if you can. This reminds me of the joke, "Doctor, it hurts when I do this").

You could say that in a way, however, this only adds a level of indirection; what about the people developing the processes? However, the PSP and TSP seem to be working well enough. I wish I knew more about them, and that they were not proprietary.

Cheers,
Pascal Meunier