Secure Coding mailing list archives

RE: Missing the point?


From: "Michael A. Davis" <mdavis () savidtech com>
Date: Wed, 21 Apr 2004 16:42:25 +0100

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> While you are exactly right that developers write bad code,
> we shouldn't leave the developers out in the cold and just
> say "You are the problem. Learn to write better code."
> If there are code auditing and

Ah, my original email wasn't verbose enough. I meant, as others have
pointed out, that there is no one solution but organizations must use
multiple solutions. Code audits won't save you and neither will only
educating developers. 

The point of my email was more of a vent because most people, and
media it seems, assume more and more technology is the answer to
security problems. Maybe we should focus more on the developer AND
give them the tools.

> We allow developers to have debuggers, right?  Why not let
> them have code tools that scan for stupid errors like buffer
> overflows in their code? It's just another tool in the
> toolbox.  Great developers, like great artists, still must be
> fluent with their tools.

I 100% agree but want to emphasize that developer education and tools
go hand in hand. If you only use one you are only solving part of the
problem.
 
Hope that clears up my initial email.

Thanks,
Michael A. Davis
Chief Executive Officer
Savid Technologies, Inc.
http://www.savidtech.com  

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQIWfXNo69WASbsMmEQJvYwCeLtX+ha9i+xmbQO1xirrEm15nOo4AoMc4
PRWw9Ft+6Og9UxmPlvzGQ3sT
=a2pT
-----END PGP SIGNATURE-----





