WebApp Sec mailing list archives

Re: Code Complexity vs. Security


From: Skip Carter <skip () taygeta com>
Date: Mon, 26 Jul 2004 14:47:39 -0700



      I would suggest that almost all programming errors (and
      hence security problems) come from some programmer attempting
      to be "smart" and reduce the size of his/her code.

Hmmm.  While I agree that ill-considered programming cleverness is one source of
problems, there seems to be an entire class of security issues that have nothing
to do with bugs but with an insecure design.  Consider an absolutely bug-free
program that controls access to a database via a text file using ROT-13 encryption.





Skip



-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip () taygeta com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940            
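
The ROT-13 scenario from the message above, as an added example that is not part of the original post: the verification logic is correct in both designs, but only the ROT-13 file hands the password to anyone who can read it. The account, the function names, the `user:secret` file layout (usernames without ':') and the PBKDF2 parameters are assumptions made for illustration.

```python
import codecs
import hashlib
import hmac
import os

# Constructed sample account, not taken from the original post.
USER, PASSWORD = "alice", "CorrectHorse9"
ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor


def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())


def rot13_store(user, password):
    """Weak design: the access file keeps the password under ROT-13."""
    return f"{user}:{codecs.encode(password, 'rot_13')}"


def rot13_check(line, user, password):
    """Correct verification against the ROT-13 access file."""
    stored_user, stored_pw = line.split(":", 1)
    return _same(stored_user, user) and _same(stored_pw, codecs.encode(password, "rot_13"))


def rot13_recover(line):
    """Anyone who can read the file gets the password: ROT-13 has no key."""
    return codecs.decode(line.split(":", 1)[1], "rot_13")


def kdf_store(user, password, salt=None):
    """Corrected design: keep a salted one-way verifier, not the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{user}:{salt.hex()}:{digest.hex()}"


def kdf_check(line, user, password):
    """Recompute the verifier from the stored salt and compare."""
    stored_user, salt_hex, digest_hex = line.split(":", 2)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), ITERATIONS)
    return _same(stored_user, user) and _same(digest.hex(), digest_hex)


if __name__ == "__main__":
    weak = rot13_store(USER, PASSWORD)
    print(weak, "->", rot13_recover(weak))
    print(kdf_store(USER, PASSWORD))
```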










