Here is a doc about to write safe code:
http://www.giac.org/practical/GSEC/Jason_Deckard_GSEC.pdf
With C code the problems where about:
a) string functions withouth buffer overflow check b) malicious users
we can change all strcpy to strncpy and make code safe, but problem b) is huge. Looks like AMD and Intel also want to help with hardware "solutions", and Microsoft is about to help too.
To me, the migration to garbagge collection enable langs will be a good leap to solve the problem. Managing the memory directly is dangerous. C++ is a step in that direction (new and delete) but you still need to care about memory. ".NET" with C# can be more about that, Java its also good (and actually is fast)
Of course, you cant solve bad design decisions, like Outlook Active-X or Outlook MSHTML or other bad habits, but you can stop adding more bugs.
I have to check the Apache code, I suspect will have some nice memory management...
IANRC,MCS I am not a real coder. My code sux.
_______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlcoders
