> However, not 
> all of the kinds of things should be put in the compiler (how 
> many coders do you know that use the -Wall??!).

All the decent ones???  I remember people talking about "Warning 
free with -Wall" as a minimal requirement, and personally using 
that standard, over 15 years ago.  And that was just for code
quality reasons.  Granted, many monkeys with keyboards were
pulled into the industry during the 90s IT boom, but are shops
that insist on warning free compiles really that rare?

I'm not sure "How can we create secure software in an environment
where people don't even conform to minimalist software engineering
principles?" is a helpful topic for discussion as a way forward,
no matter how useful it may be as a source for tool and consulting

Tim Hollebeek
Research Scientist
Teknowledge Corp.

Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to