Secure Coding mailing list archives

Re: A new blog on application security - armoredcode.com


From: Jeffrey Walton <noloader () gmail com>
Date: Wed, 21 Mar 2012 08:55:39 -0400

On Fri, Mar 16, 2012 at 12:50 PM, Paolo Perego <thesp0nge () gmail com> wrote:
> Hi list, just 2 lines for promoting my new blog on application security:
> http://armoredcode.com
> The idea is to talk about appsec using the developers' language, so talking
> about testing frameworks and practices, libraries to enforce security, how
> to read a penetration test report, some "hands on" with live code examples
> and some interviews with appsec and developer superstars.
>
> If you would like to add it to your feed, it would be great.

For the love of <higher power>, please discuss the tool chain's static
analysis capabilities, and suggest a clean compile as a security gate
(gcc: -Wall -Wextra -Wconversion).

From my experience, it's nearly impossible to 'quick audit' a GNU
project. Entering `make CFLAGS="-Wall -Wextra -Wconversion ..."` causes
so much output it's difficult to locate/triage issues.

You will be swimming against the tide with some of the l33t k3rn3l
hack3rz: "Gcc is crap" [1].

Jeff

[1] "[PATCH] Don't compare unsigned variable for <0 in sys_prctl(),"
http://linux.derkeiler.com/Mailing-Lists/Kernel/2006-11/msg08325.html.
_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
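The clean-compile gate discussed above, as an added example (this is not code from the SC-L thread, from armoredcode.com, or from the kernel patch cited in [1]). It puts the two length-check patterns the flags are meant to catch next to a version that compiles clean under -Wall -Wextra -Wconversion: an unsigned value compared for `< 0` (the sys_prctl pattern, flagged by -Wextra via -Wtype-limits), and a size_t silently narrowed to int before a bounds check (flagged by -Wconversion, and the resulting int-to-size_t argument by -Wsign-conversion, which -Wconversion enables in C). The function names, BUF_SIZE and the sample lengths are invented for illustration; build once with a bare `gcc -c` and once with `gcc -Wall -Wextra -Wconversion -c` to see which lines get flagged.

```c
/* Added example: length checks that a bare `gcc -c` accepts silently but
 * `gcc -Wall -Wextra -Wconversion` flags, beside a clean version.
 * Names and BUF_SIZE are assumptions made for this illustration. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* 1. Dead check: `len` is unsigned, so `len < 0` can never be true.
 *    -Wextra (-Wtype-limits) reports that the comparison is always false.
 *    Harmless at run time, but the author believed a guard existed that
 *    does not; the second test is the only one doing any work. */
int accept_len_dead_check(unsigned int len)
{
    if (len < 0)
        return 0;
    return len <= (unsigned int)BUF_SIZE;
}

/* 2. Narrowing: a caller-supplied size_t is stored in an int.
 *    -Wconversion reports the size_t -> int conversion on the assignment.
 *    A length of (size_t)INT_MAX + 1 becomes negative, passes
 *    `len > BUF_SIZE`, and the caller would then hand it to memcpy, where it
 *    is converted back to a huge size_t (that int -> size_t conversion is
 *    what -Wsign-conversion flags). */
int accept_len_narrowed(size_t n)
{
    int len = n;
    if (len > BUF_SIZE)
        return 0;
    return 1;
}

/* 3. Clean under -Wall -Wextra -Wconversion: keep the length in size_t,
 *    the type memcpy actually takes, and compare against an explicitly
 *    converted bound. */
int accept_len_checked(size_t n)
{
    return n <= (size_t)BUF_SIZE;
}

/* Bounded copy built on the clean check. Returns the number of bytes
 * copied, or 0 if the request was rejected. */
size_t copy_bounded(char *dst, const char *src, size_t n)
{
    if (!accept_len_checked(n))
        return 0;
    memcpy(dst, src, n);
    return n;
}

/* Round-trip helper: copies `src` into a local BUF_SIZE buffer and returns
 * the byte count if the copy happened and the bytes match, else 0. */
size_t copy_bounded_roundtrip(const char *src, size_t n)
{
    char dst[BUF_SIZE];
    size_t got = copy_bounded(dst, src, n);
    return (got != 0 && memcmp(dst, src, got) == 0) ? got : 0;
}

int main(void)
{
    size_t wrap = (size_t)INT_MAX + 1;   /* becomes negative when narrowed to int */
    printf("narrowed check accepts %zu bytes: %d\n", wrap, accept_len_narrowed(wrap));
    printf("clean check accepts    %zu bytes: %d\n", wrap, accept_len_checked(wrap));
    printf("dead-check accepts -1 (as unsigned): %d\n", accept_len_dead_check((unsigned int)-1));
    printf("copied %zu bytes\n", copy_bounded_roundtrip("hello", 6));
    return 0;
}
```

The run-time difference is only visible for the narrowed variant: the dead `< 0` test is wrong but harmless, which is exactly why a compiler warning rather than a fuzzer is the cheapest place to find it, while the narrowing bug accepts a length that is negative as int and enormous as size_t.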