On Dec 18, 2007 4:36 AM, Gregg Reynolds <[EMAIL PROTECTED]> wrote: > https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards > > Looks pretty good to me, but it's beyond my competence to judge. I'd > be very interested in what experienced OBSD developers make of it. > I've always kinda wished they would put together a guide to > secure/quality coding (yes, I'm lazy); maybe the CERT stuff is close > enough?
"ARR35-C. Do not allow loops to iterate beyond the end of an array" i doubt advice like that has much benefit. if you didn't know the rule before, you're kinda hopeless. more likely, you knew the rule, but screwed it up. "don't screw up" is just as helpful, and applicable to more situations too. as with any list of advice that's not targeted at a specific topic, it hides any helpful info between all the fluff.
