Secure Coding mailing list archives
RE: Missing the point?
From: "Michael A. Davis" <mdavis () savidtech com>
Date: Wed, 21 Apr 2004 16:42:25 +0100
While you are exactly right that developers write bad code, we shouldn't leave the developers out in the cold and just say "You are the problem. Learn to write better code." If there are code auditing and
Ah, my original email wasn't verbose enough. I meant, as others have pointed out, that there is no one solution but organizations must use multiple solutions. Code audits won't save you and neither will only educating developers. The point of my email was more of a vent because most people, and media it seems, assume more and more technology is the answer to security problems. Maybe we should focus more on the developer AND give them the tools.
We allow developers to have debuggers, right? Why not let them have code tools that scan for stupid errors like buffer overflows in their code? It's just another tool in the toolbox. Great developers, like great artists, still must be fluent with their tools.
I 100% agree but want to emphasize that developer education and tools go hand in hand. If you only use one you are only solving part of the problem. Hope that clears up my initial email.
Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
http://www.savidtech.com