|
Secure Programming
Writing Secure code Dec 27 2002 12:46PM Rahul Chander Kashyap (rahul nsecure net) (6 replies) Re: Writing Secure code Dec 27 2002 06:03PM Valdis Kletnieks vt edu (2 replies) Re: Writing Secure code Dec 27 2002 05:43PM John Viega (viega list org) (2 replies) |
|
|
Privacy Statement |
> > And one more thing...<this one might be intresting ;-)> Is it
> > possible
> > to write code that is completely secure and not exploitable?
>
> This is just a specific case of the question "Is it possible
> to write totally bug-free code"? And yes, it's *possible* to
> write bug-free code. The problem is that it's incredibly
> difficult to manage the development process in such a way
> that bugs are totally prevented - remember that humans are
> writing the code, and humans are.. well... human. ;)
The problem is not in writing code in which bugs are "totally
prevented". It's in knowing that what you have written is bug (i.e.
fault) -free. The only way to know this is to test your program with
*all possible* inputs, which is impossible for all but the most trivial
programs. Thus, you can never know that what you have written is in
fact bug free. Unfortunately, this applies to writing secure programs
as well. Sure, there are practices that we can utilize that will help
us make our code more secure, but we can never be sure that is "totally
secure".
Roger Alexander.
Roger T. Alexander
Associate Professor
Department of Computer Science
Colorado State University
[ reply ]