On 9/27/25 02:30, Amit wrote:
-----------------------------------------------------------------------
How to do secure coding and create secure software
-----------------------------------------------------------------------
I can do secure coding and no one can hack my code unless the language/OS have
some issues. You can challenge me on this.
Ultimately, all software boils down to functions/methods. If functions/methods
are secure then the whole software is secure.

That's just plain silly. You will get challenged on this... already
seen some. I'll just post a hokey analogy: a door lock is secure, as it
requires a "thing you have" (the key). The API is fine. If you don't
protect the security token (leave the key under a flowerpot), that's not
the fault of the lock - defeated by bad security processes and no fault
of the "function". If someone kicks in the door, it's bad design: a door
jamb made out of wood isn't safe from a brute force attack, even if the
lock mechanism itself wasn't breached.
The "whole system" matters a lot. Secure functions are necessary but not
sufficient.