Vulnerability Development mailing list archives

Re: BitchX /ignore bug


From: 11a () GMX NET (Bluefish)
Date: Sat, 8 Jul 2000 23:14:47 +0200


It's one way to look at it. But on the other hand, most developers *ought*
to be aware of secure coding. Because it won't be the same people who
write well-known unix daemons who write the billions of software programs which
eventually might be used to handle important data. To fix bugs in
operating systems and other software commonly analyzed by "the security
community" is important, but there are tons of other programs out there
which will end up containing bugs if people with little knowledge
of security are left to write them.

I don't think it's a very good idea that this is entirely up to be taught
in mailing lists or to be read from the web. It won't change over a
night, but I think that in time this will change.

the code itself, but on the underlying protocols and concepts. Again, it
was taught in java.  A thorough examination of what constitutes a stack
overflow exploit in C, and writing secure code in general, are concepts
that might best be taught to beginning programmers by the security /
programming community itself, by making instructional docs available
online (if they aren't now), because they're not going to show up on an
academic curriculum any time soon.  You've got to take care of your own.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu  
    eleventh alliance development & security team       

