WebApp Sec mailing list archives
Re: Code Complexity vs. Security
From: Skip Carter <skip () taygeta com>
Date: Mon, 26 Jul 2004 14:47:39 -0700
I would suggest that almost all programming errors (and hence security problems) come from some programmer attempting to be "smart" and reduce the size of his/her code.
Hmmm. While I agree that ill considered programming cleverness is one source of problems. But there seems to be an entire class of security issues that have nothing to do with bugs but with an insecure design. Consider an absolutely bug-free program that controls access to a database via a text file using ROT-13 encryption. Skip -- Dr. Everett (Skip) Carter Phone: 831-641-0645 FAX: 831-641-0647 Taygeta Scientific Inc. INTERNET: skip () taygeta com 1340 Munras Ave., Suite 314 WWW: http://www.taygeta.com Monterey, CA. 93940
Attachment:
_bin
Description:
Current thread:
- Code Complexity vs. Security Mark Curphey (Jul 23)
- Re: Code Complexity vs. Security Gunnar Peterson (Jul 23)
- Message not available
- Re: Code Complexity vs. Security David King (Jul 25)
- Re: Code Complexity vs. Security Suha Demir CAN (Jul 25)
- Re: Code Complexity vs. Security athena (Jul 26)
- Re: Code Complexity vs. Security Ed Moyle (Jul 26)
- Message not available
- RE: Code Complexity vs. Security Mark Curphey (Jul 25)
- Re: Code Complexity vs. Security Adam Shostack (Jul 25)
- Re: Code Complexity vs. Security Gunnar Peterson (Jul 23)
- <Possible follow-ups>
- RE: Code Complexity vs. Security Michael Silk (Jul 25)
- Re: Code Complexity vs. Security Skip Carter (Jul 26)
- RE: Code Complexity vs. Security Wolf, Yonah (Jul 26)
- RE: Code Complexity vs. Security Calderon, Juan Carlos (GE Commercial Finance, NonGE) (Jul 26)
- RE: Code Complexity vs. Security Mark Mcdonald (Jul 26)
- RE: Code Complexity vs. Security Mark Mcdonald (Jul 26)
- RE: Code Complexity vs. Security Michael Silk (Jul 26)
- RE: Code Complexity vs. Security Michael Silk (Jul 26)
- RE: Code Complexity vs. Security Stan Guzik (Jul 27)
- Re: Code Complexity vs. Security Martin Mačok (Jul 28)