Heh. I think we're having far too much fun in the other threads. I have a serious question. I'm a mangler in a largish company. We have developers, and contractors. No coding standards and all that, so, things are... messy.
I'm not in charge of development, but I want to help them develop something useful, and secure. Other than doing a braindump of the developers here, what are the things that you people have found useful to have in secure programming practises? I'm looking for advice, tips, procedures, processes, whatever.

I will be looking through my old notes from Matt Bishop's class at SANS, and other things I've gathered throughout the years. Unfortunately, it's rather flat here, so I can't even invite Theo to come by and give a talk.

Thanx!

--
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity." -- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or internal - is akin to trying to install sprinklers in a fireworks factory where smoking on the job is permitted." -- Gene Spafford
learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related