-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jeffrey Walton wrote: > http://www.sans.org/top25errors/ > > A bit old (in case anyone has seen it). But I like that vendors are > held responsible: > > Buyers will require that software vendors certify > in writing that the code they are delivering is free > of these 25 programming errors. Certification shifts > responsibility to the vendor for correcting the errors > and for any damage caused by those errors. > > >
Jeff, I was going through mail and saw this one. Secure code is always a good topic and an even better practice sense we all know what happens when the stack is taken advantage of. It's amazing that yet we have so many security related products in the market we have yet to see one solution that covers every threat wrapped up into one package. I know your going to get a kick out of this one. If we have plug-in for anti-virus software that scans outlook for malicious attachments then why not a plug-in that runs inside visual studio and scans for potential code vulnerabilities. I know what your thinking... We already do! The compiler tells us. Sadly people are lazy which is what this comes down to. Maybe if we put up a big alert symbol that says something along these lines, stop your code is vulnerable! I cannot let you compile this crap that you call code. We could even add the sound of a squealing pig ever time we find a potential buffer overflow. Ha! Code it up Jeff w00t! -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFJnbbNRnxC5lZRuuERAqXSAKCjvF+N13D2NZTQl0WYsHC61usrAwCgncNS PvbnpXZmoTv0/7nXS8TBq3Y= =jemG -----END PGP SIGNATURE----- --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to [email protected]. More information about Crypto++ and this group is available at http://www.cryptopp.com. -~----------~----~----~----~------~----~------~--~---
