> However, not all of the kinds of things should be put in the compiler (how
> many coders do you know that use the -Wall??!).

All the decent ones??? I remember people talking about "Warning free with -Wall" as a minimal requirement, and personally using that standard, over 15 years ago. And that was just for code quality reasons.

Granted, many monkeys with keyboards were pulled into the industry during the 90s IT boom, but are shops that insist on warning free compiles really that rare?

I'm not sure "How can we create secure software in an environment where people don't even conform to minimalist software engineering principles?" is a helpful topic for discussion as a way forward, no matter how useful it may be as a source for tool and consulting revenue.

Tim Hollebeek
Research Scientist
Teknowledge Corp.

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________