Secure Coding mailing list archives
Re: How do we improve s/w developer awareness?
From: M Taylor <mctylr () privacy nb ca>
Date: Fri, 12 Nov 2004 19:41:42 +0000
On Thu, Nov 11, 2004 at 04:56:20PM -0500, ljknews wrote:
At 2:48 PM -0500 11/11/04, Paco Hope wrote:On 11/11/04 11:46 AM, "ljknews" <[EMAIL PROTECTED]> wrote:As a software developer, I care about such issues, but the compiliations you list are largely not applicable to the operating system and programming languages with which I work.I am still looking for a forum that omits those problems due to choice of C and related programming languages that use null terminated string. I know that is a bad idea, and I don't do it. I am still looking for a forum that omits problems propagated over IP and related protocols. I don't do that either. I have yet to see a standard "tool" (as distinguished from social engineering technique) from elsewhere that fits VMS.
RISK Digest <http://www.risk.org/> (comp.risks) is about the closest, although not security focused it does discuss system failures beyond buffer overflows and TCP/IP protocol suite. It does not exclude familiar risks (and documented failures) of buffer overflows, but extends into numerous design related failures which can have security implications which transcend any given platoform or language. Of course VMS is not immune to security risks. I know, I created more than one insecure piece of software for VMS (in-house stuff that is now retired).
Current thread:
- How do we improve s/w developer awareness? Kenneth R. van Wyk (Nov 11)
- Re: How do we improve s/w developer awareness? ljknews (Nov 11)
- Re: How do we improve s/w developer awareness? Paco Hope (Nov 11)
- Re: How do we improve s/w developer awareness? ljknews (Nov 12)
- Re: How do we improve s/w developer awareness? M Taylor (Nov 12)
- Re: How do we improve s/w developer awareness? ljknews (Nov 12)
- Re: How do we improve s/w developer awareness? Paco Hope (Nov 11)
- Re: How do we improve s/w developer awareness? ljknews (Nov 11)
- Re: How do we improve s/w developer awareness? Greenarrow 1 (Nov 29)
- <Possible follow-ups>
- Re: How do we improve s/w developer awareness? Yousef Syed (Nov 12)
- Re: How do we improve s/w developer awareness? Gunnar Peterson (Nov 12)
- Re: How do we improve s/w developer awareness? Jeff Williams (Nov 12)
- Re: How do we improve s/w developer awareness? Gunnar Peterson (Nov 12)
- RE: How do we improve s/w developer awareness? Aleksander P. Czarnowski (Nov 14)
- Re: How do we improve s/w developer awareness? Nick Murison (Nov 16)
- Re: How do we improve s/w developer awareness? Gunnar Peterson (Nov 12)