Secure Coding mailing list archives

Re: Missing the point?


From: Pascal Meunier <pmeunier () purdue edu>
Date: Tue, 20 Apr 2004 21:54:19 +0100

P.S.:  I meant "wise", not "smart" people in my answer below.  There 
are lots of smart people doing unwise things :-).  I also meant that 
without criticism of anyone in particular and more in admiration of 
people who actually do it successfully ;-)

Cheers,
Pascal

On Apr 20, 2004, at 11:34 AM, Michael A. Davis wrote:
> Isn't she missing the point? It is not the source code that is the
> problem -- it is the developer.
>
> Thoughts?

No, it's the processes (training, development, QA, QC, etc.). 
Everyone makes stupid mistakes.  If you rely solely on the developers, 
expecting them to perform perfectly all the time, you'll be 
disappointed.  Smart people embed safeguards and guarantees into 
processes, or avoid risky situations altogether (e.g., use a language 
other than "C" to avoid buffer overflows, if you can.  This reminds 
me of the joke, "Doctor, it hurts when I do this").  You could say that 
in a way, however, this only adds a level of indirection; what about 
the people developing the processes?  However, the PSP and TSP seem to 
be working well enough.  I wish I knew more about them, and that they 
were not proprietary.


Cheers,
Pascal Meunier
