This is something where I have to watch my own mind. Figuring out a binary in C++ is very difficult. The Java is not really a binary, at least not in the "runs by itself" meaning. (Everything is (a) binary in reality, including the file holding this email.)
Realizing that Java "binaries" hold a lot more is a mental shift that probably must be actively kept in mind. Those with only Java experience may think it is obvious, but how many developers did not start with Java and have not purged this concept from their minds?
This is a topic worth consideration when we are educating developers on secure development. At least it seems so to me!
--
Brad Andrews
RBA Communications
CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________