Firewall Wizards mailing list archives
Re: FWTK and smap/smapd
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 19 Jul 2002 10:24:36 -0400
Joseph S D Yao wrote:
> without commentary providing what you might call the specifications or design, or the social contract between the programmer and the user, there is nothing against which you can hold a piece of code and say, "THIS IS WRONG!" Code is amoral; it has an inherently situational ethic; such that even the grossest of buffer overflows can only lead us to conclude that the code does it, therefore the code does it. We must provide and communicate the moral absolutes against which the code is measured right or wrong. And we can communicate this on dead trees, or in living commentary.

Hmmm... you've convinced me. I hadn't looked at it from that angle before.

I guess what was motivating my opinion was some awful early experiences I had at a small security company where they had folks assigned to audit UNIX/C code who didn't know anything about UNIX or C. That left an indelible impression on me. :) In retrospect I'm sure it was just because those staffers had billable hours to expend and that was it. But ever since then I figured that if you gave people like that commented code they'd _audit_ _the_ _comments_ and the whole process is pointless.

But you're right - what we're really talking about is checks and balances. And if you just give code there's, well, just code...

I retract my previous comments on this topic!!! :) Where's the "undo" button?!

mjr.
---
Marcus J. Ranum http://www.ranum.com
Computer and Communications Security mjr () ranum com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards