Re: [SC-L] Where Does Secure Coding Belong In the Curriculum?

2009-08-26 Thread Bennett, Jason
So many mistakes have been made in generations before mine that we are now trapped in a box of our own making that has us squabbling over academic minutiae like how to teach secure coding when we should not have to consider this topic at all - the code itself should be inherently secure.

Re: [SC-L] Conditional Compile statements-- coding standards, and code review

2009-02-16 Thread Bennett, Jason
Robert/Sean, It's a good question and one that I've never seen a really good answer to! Robert your option certain works but I feel that it somewhat prone to error if deployed on a large source base. So for example if a developer actually uses: #ifdef FRED # define MACRO(x) (x + 5) #endif ...

Re: [SC-L] Secure Coding Books

2008-03-12 Thread Bennett, Jason
Hi All, With all the questions about what are good books are there any views on actually implementing the principles i.e. using them on real programmes to drive security improvement. In particular the contrast between exisitng programmes and new programmes? Consider the environment before

Re: [SC-L] What's the next tech problem to be solved in software

2007-06-11 Thread Bennett, Jason
Lots of interesting points been raised in thread so here a few points I've picked out: - It's the developer's fault: A few comments were made that the lack of security lies at the door of the developers because they implement insecure code. True to an extent but I don't think you can blame