On Tue, Dec 18, 2007 at 12:03:56PM -0800, Ted Unangst wrote: > On Dec 18, 2007 4:36 AM, Gregg Reynolds <[EMAIL PROTECTED]> wrote: > > https://www.securecoding.cert.org/confluence/display/seccode/CERT+Secure+Coding+Standards > > > > Looks pretty good to me, but it's beyond my competence to judge. I'd > > be very interested in what experienced OBSD developers make of it. > > I've always kinda wished they would put together a guide to > > secure/quality coding (yes, I'm lazy); maybe the CERT stuff is close > > enough? > > "ARR35-C. Do not allow loops to iterate beyond the end of an array" > > i doubt advice like that has much benefit. if you didn't know the > rule before, you're kinda hopeless. more likely, you knew the rule, > but screwed it up. "don't screw up" is just as helpful, and > applicable to more situations too. > > as with any list of advice that's not targeted at a specific topic, it > hides any helpful info between all the fluff. > >
Probably doesn't help, but I prefer to program in Ada. It enforces and does some self-checking both at compile-time and at runtime. Unfortunatly, the only freely-available (i.e. that you don't have to pay for) is GPL. Doug.
