Firewall Wizards mailing list archives
Re: concerning ~el8 / project mayhem
From: Adam Shostack <adam () homeport org>
Date: Thu, 22 Aug 2002 19:45:12 -0400
On Thu, Aug 22, 2002 at 02:50:03PM -0400, Dave Piscitello wrote:
| > - reading the LINUX source code
|
| Oh, come down from the lofty perch...this is an entirely elitist
| perspective. The ratio of people who must be engaged in securing systems
| vs. those capable of evaluating whether source correctly bounds data
| structures approaches infinity.

Being able to detect bounds in the structures may not be needed. No, wait, is not needed. My favorite example, and I change the text slightly to not harass the author:

/* Too tired to do this better */

was in a pile of security code.

Just reading the code of the thing you're installing is often educational and enlightening. It's gotten harder as things get more complex, but it's still worth doing, EVEN IF YOU'RE NOT A PROGRAMMER. I say that as someone who rarely writes code. I find reading other people's code worth my time. (I often say that my writing code is a process bug; I can code, but not as well, quickly, or securely as a good programmer.)

| > - Reading papers by Boehm, Parnas, Hansen and the like (or perhaps
| > "Software Tools") on good technique and comparing it with some
| > published code.
| > (Some of the 'open source' code is exemplary in its grotty-ness)
|
| This is unfortunately a luxury for many daily ops folks. Have you run or
| worked in a NOC?

And you're finding time to post to this list? ;) And as much as I like the folks here, Parnas is more worthwhile.

Adam

--
"It is seldom that liberty of any kind is lost all at once."
-Hume
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards