Secure Coding mailing list archives

RE: Missing the point?

From: "Alun Jones" <alun () texis com>
Date: Tue, 20 Apr 2004 23:29:59 +0100

[EMAIL PROTECTED] wrote:

Michael A. Davis wrote:

Isn't she missing the point? It is not the source code that is the
problem -- it is the developer.


Well ofcause you can improve the quality of your code by
educating your developers, but you cannot avoid doing code review.
    Developers are lazy and they will commit errors.


More to the point, they are human, and even developers that are not lazy
will occasionally make mistakes.  Simply finding a committed programmer who
understands security will not produce a secure product.

Alun.
~~~~
-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | [EMAIL PROTECTED]
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.

Current thread:

Yoran on the state of software security Kenneth R. van Wyk (Apr 19)
- <Possible follow-ups>
- Re: Yoran on the state of software security Kenneth R. van Wyk (Apr 20)
  - Missing the point? Michael A. Davis (Apr 20)
    - Re: Missing the point? Dave Aronson (Apr 20)
    - Re: Missing the point? Mads Rasmussen (Apr 20)
    - RE: Missing the point? Alun Jones (Apr 20)
    - Re: Missing the point? Jared W. Robinson (Apr 21)
    - Re: Missing the point? Paco Hope (Apr 20)
    - Re: Missing the point? Nash (Apr 20)
    - RE: Missing the point? Michael A. Davis (Apr 21)
    - Re: Missing the point? Pascal Meunier (Apr 20)
    - Re: Missing the point? Pascal Meunier (Apr 20)
    - RE: Missing the point? Michael S Hines (Apr 23)
    - Re: Missing the point? Crispin Cowan (Apr 26)
  - Re: Yoran on the state of software security Greenarrow 1 (Apr 22)
- Re: Yoran on the state of software security Nick FitzGerald (Apr 22)

(Thread continues...)