Secure Coding mailing list archives

Source or Binary

From: andrews at rbacomm.com (Brad Andrews)
Date: Wed, 29 Jul 2009 15:17:38 -0500


This is something where I have to watch my own mind.  Figuring out a  
binary in C++ is very difficult.  The Java is not really a binary, at  
least not in the "runs by itself" meaning.  (Everything is (a) binary  
in reality, including the file holding this email.)

Realizing that java "binaries" hold a lot more is a mental shift that  
probably must be actively kept in mind.  Those with only Java  
experience may think it is obvious, but how many developers did not  
start with Java and have not purged this concept from their mind.

This is a topic worth consideration when we are educating developers  
on secure development.  At least it seems to to me!

-- 

Brad Andrews
RBA Communications
CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI

Current thread:

IBM Acquires Ounce Labs, Inc. Kenneth Van Wyk (Jul 28)
- IBM Acquires Ounce Labs, Inc. Prasad Shenoy (Jul 28)
- <Possible follow-ups>
- IBM Acquires Ounce Labs, Inc. Matt Fisher (Jul 28)
  - IBM Acquires Ounce Labs, Inc. Tom Brennan (Jul 28)
  - IBM Acquires Ounce Labs, Inc. Arian J. Evans (Jul 28)
    - IBM Acquires Ounce Labs, Inc. Jim Manico (Jul 28)
    - IBM Acquires Ounce Labs, Inc. ljknews (Jul 28)
    - IBM Acquires Ounce Labs, Inc. John Steven (Jul 29)
    - Source or Binary Brad Andrews (Jul 29)
    - Source or Binary Kenneth Van Wyk (Jul 29)
    - Source or Binary silky (Jul 29)
    - Source or Binary Paco Hope (Jul 30)
    - Source or Binary Wall, Kevin (Jul 30)
    - Static Vs. Binary John Steven (Jul 30)
    - Static Vs. Binary Pravir Chandra (Jul 30)
    - Static Vs. Binary Kenneth Van Wyk (Jul 30)
    - Static Vs. Binary John Steven (Aug 04)
    - IBM Acquires Ounce Labs, Inc. Arian J. Evans (Aug 04)
    - IBM Acquires Ounce Labs, Inc. Chris Wysopal (Aug 04)

(Thread continues...)