Michael Silk wrote:
Ed,
[...]
Back to the bridge or house example, would you allow the builder to
leave off 'security' of the structure? Allow them to introduce some
design flaws to get it done earlier? Hopefully not ... so why is it
allowed for programming? Why can people cut out 'security' ?
Dave Paris wrote:
It's also much more likely that the foreman (aka
programming manager) told the builder (programmer) to take shortcuts to
meet time and budget - rather than the programmer taking it upon
themselves to be sloppy and not follow the specifications.
I'd note that there is the
Dave,
On Apr 11, 2005 9:58 PM, Dave Paris [EMAIL PROTECTED] wrote:
The programmer is neither the application architect nor the system
engineer.
In some cases he is. Either way, it doesn't matter. I'm not asking the
programmer to re-design the application, I'm asking them to just
program the
Pascal Meunier wrote:
Do you think it is possible to enumerate all the ways all vulnerabilities can be
created? Is the set of all possible exploitable programming mistakes bounded?
No. It's not so much a programming problem, more a specification problem.
Tools now exist that make it possible
Pascal Meunier wrote:
Do you think it is possible to enumerate all the ways
all vulnerabilities can be created? Is the set of all
possible exploitable programming mistakes bounded?
By bounded I take you to mean finite. In particular with reference
to your taxonomy below. By enumerate I take
on Monday April 11, 2005, Damir Rajnovic wrote:
On Mon, Apr 11, 2005 at 12:21:30PM +1000, Michael Silk wrote:
Back to the bridge or house example, would you allow the builder to
leave off 'security' of the structure? Allow them to introduce some
design flaws to get it done earlier?
Joel Kamentz wrote:
Re: bridges and stuff.
I'm tempted to argue (though not with certainty) that it seems that the
bridge analogy is flawed in another way -- that of the environment. While
many programming languages have similarities and many things apply to all
programming, there are many