Secure Coding - is that the end of the story?

["Michael S Hines" <mshines () purdue edu>]

We've talked a lot about secure coding - but is that the whole story?

What about other aspects of systems management - memory management
(consuming memory, memory leaks, etc), process management (DDoS, overloading
systems with processes and threads), DASD management (saturating storage
capacity, consumption/saturation of access paths), and auditing management
(filling logs, altering logs, data retention policies)?

Do you know what your systems do at the extreme end points of these
services?  Are they system features that allow you to control and/or monitor
these system aspects?  Can tuning be done dynamically or must it be static
(static meaning rebooting the system to reread configuration data sets).

This link gets to web site performance issues - one aspect of this larger
perspective.
http://www.eweek.com/article2/0,1759,1607765,00.asp

Mike Hines
-----------------------------------
Michael S Hines
[EMAIL PROTECTED]