Re: [SC-L] Compilers

2006-12-27 Thread SC-L Subscriber Dave Aronson
Tim Hollebeek [mailto:[EMAIL PROTECTED] wonders:

  are shops that insist on warning free compiles really that rare?

Yes.  I've worked for or with many companies over the years, totalling probably 
somewhere in the mid-teens or so.  In all that, there was, to the best of my 
recollection, only ONE that insisted on it, other than my own one-man show.
Add to that, numerous open source apps I've compiled; I haven't kept track of 
how many were warning-free, but it's rare enough that I consider it a pleasant 
surprise.

In several projects, I fixed some nasty bugs (inherited from other people) by 
turning warnings on (they were often totally suppressed!), and fixing the 
things that the warnings were trying to warn me about.  This is of course 
obvious to you and me, and probably to most of this list, but apparently not to 
the vast majority of programmers (even so-called software engineers), let alone 
people in any position of authority to set such policies.  :-(

-Dave

-- 
Dave Aronson
Specialization is for insects.  -Heinlein
Work: http://www.davearonson.com/
Play: http://www.davearonson.net/



___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___


Re: [SC-L] Compilers

2006-12-27 Thread Tim Hollebeek
 
 However, not 
 all of the kinds of things should be put in the compiler (how 
 many coders do you know that use the -Wall??!).

All the decent ones???  I remember people talking about "Warning
free with -Wall" as a minimal requirement, and personally using
that standard, over 15 years ago.  And that was just for code
quality reasons.  Granted, many monkeys with keyboards were
pulled into the industry during the 90s IT boom, but are shops
that insist on warning free compiles really that rare?

I'm not sure "How can we create secure software in an environment
where people don't even conform to minimalist software engineering
principles?" is a helpful topic for discussion as a way forward,
no matter how useful it may be as a source for tool and consulting
revenue.

Tim Hollebeek
Research Scientist
Teknowledge Corp.

