Secure Coding mailing list archives
Bugs and flaws
From: brian at fortifysoftware.com (Brian Chess)
Date: Fri, 03 Feb 2006 17:51:41 -0800
The best definition for "flaw" and "bug" I've heard so far is that a flaw is a successful implementation of your intent, while a bug is unintentional. I think I've also heard "a bug is small, a flaw is big", but that definition is awfully squishy.

If the difference between a bug and a flaw is indeed one of intent, then I don't think it's a useful distinction. Intent rarely brings with it other dependable characteristics.

I've also heard "bugs are things that a static analysis tool can find", but I don't think that really captures it either. For example, it's easy for a static analysis tool to point out that the following Java statement implies that the program is using weak cryptography:

    SecretKey key = KeyGenerator.getInstance("DES").generateKey();

Brian
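The kind of check the message calls easy for a static analysis tool, as an added example that is not part of the original message or of any particular tool: a scan of Java source for JCA factory calls that name a weak algorithm as a string literal. The function names, the WEAK policy list and the sample input are assumptions made for this example.

```python
import re

# String/char literals (kept) and // or /* */ comments (blanked) in Java source.
TOKEN = re.compile(
    r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|//[^\n]*|/\*.*?\*/', re.S)

# JCA factory calls whose first argument is a literal algorithm or transformation.
CALL = re.compile(
    r'\b(KeyGenerator|Cipher|SecretKeyFactory)\s*\.\s*getInstance\s*\(\s*"([^"]*)"')

# Assumed policy list for this example; a real tool would make it configurable.
WEAK = {"DES", "RC2", "RC4", "ARCFOUR"}

def blank_comments(src):
    """Replace comments with spaces, keeping literals and line numbers intact."""
    def repl(m):
        text = m.group(0)
        return text if text[0] in "\"'" else re.sub(r"[^\n]", " ", text)
    return TOKEN.sub(repl, src)

def find_weak_crypto(src):
    """Return (line, factory, algorithm) for each weak literal algorithm name."""
    code = blank_comments(src)
    findings = []
    for m in CALL.finditer(code):
        # "DES/CBC/PKCS5Padding" names the algorithm before the first slash;
        # the comparison is case-insensitive.
        algorithm = m.group(2).split("/")[0].strip().upper()
        if algorithm in WEAK:
            line = code.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1), algorithm))
    return findings

# Constructed Java input for the example.
SAMPLE = '''\
class Demo {
    void run() throws Exception {
        SecretKey key = KeyGenerator.getInstance("DES").generateKey();
        // Cipher old = Cipher.getInstance("RC4");
        Cipher c = Cipher.getInstance("des/CBC/PKCS5Padding");
        Cipher ok = Cipher.getInstance("AES/GCM/NoPadding");
    }
}
'''

if __name__ == "__main__":
    print(find_weak_crypto(SAMPLE))
```

The scan only sees algorithm names written as string literals at the call site; a name held in a variable or built at run time would need data-flow analysis.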