James A. Donald writes:

> Suppose that there is a bad apple.  The bad apple can socially
> engineer his code into the source tree by leveraging his
> relationships, but in so doing, if he gets caught, will burn those
> relationships.

In this vein, a big concern is that even experienced C programmers can have a hard time noticing security vulnerabilities, even if they're looking for them.

http://underhanded.xcott.com/

It's also easy to deny that vulnerabilities were intentional.  Someone who wrote (or approved) code containing an integer overflow bug or something could simply apologize, and nobody would assume that they knew the bug was present.

-- 
Seth David Schoen <[email protected]>      |  No haiku patents
     http://www.loyalty.org/~schoen/        |  means I've no incentive to
  FD9A6AA28193A9F03D4BF4ADC11B36DC9C7DD150  |        -- Don Marti
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
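
An added illustration of the integer overflow point in the message above (not part of the original post; the function names and sample values are constructed for this example): a bounds check that reads as correct in review but wraps in 32-bit arithmetic, next to a form that rejects the wrapping case.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Reads like a sound bounds check: "does count * elem_size fit in cap?"
 * The product is computed in 32-bit unsigned arithmetic, so it wraps
 * modulo 2^32 and a huge request can appear to fit in a small buffer. */
bool fits_subtle(uint32_t count, uint32_t elem_size, uint32_t cap)
{
    uint32_t total = count * elem_size;   /* may wrap silently */
    return total <= cap;
}

/* Hardened form: refuse any pair whose product cannot be represented
 * in 32 bits before doing the multiplication. */
bool fits_checked(uint32_t count, uint32_t elem_size, uint32_t cap)
{
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return false;                     /* product would overflow */
    return count * elem_size <= cap;
}

int main(void)
{
    /* Constructed input: 65536 elements of 65536 bytes each,
     * checked against a 1024-byte buffer. */
    uint32_t count = 0x10000u, elem_size = 0x10000u, cap = 1024u;

    printf("subtle check accepts:  %d\n", fits_subtle(count, elem_size, cap));
    printf("checked form accepts:  %d\n", fits_checked(count, elem_size, cap));
    return 0;
}
```

The two functions differ by a single comparison, which is the kind of omission a reviewer would need to be looking for specifically.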
