On 12/22/06, Gary McGraw [EMAIL PROTECTED] wrote:
I have a better idea. Stop using C++. Jeeze.
Even better than that; stop programming insecurely.
gem
*rolleyes*
-- mic
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List
On 11/13/06, Glenn and Mary Everhart [EMAIL PROTECTED] wrote:
Crispin Cowan wrote:
Al Eridani wrote:
On 11/9/06, Crispin Cowan [EMAIL PROTECTED] wrote:
Prior to Java, resorting to compiling to byte code (e.g. P-code back in
the Pascal days) was considered a lame kludge because the
On 11/14/06, ljknews [EMAIL PROTECTED] wrote:
At 10:31 PM +1100 11/13/06, mikeiscool wrote:
On 11/13/06, Glenn and Mary Everhart [EMAIL PROTECTED] wrote:
If there is some construct that NEEDS to be interpreted to gain something,
it can be justified on that basis. Using interpretive
On 11/14/06, Leichter, Jerry [EMAIL PROTECTED] wrote:
| If there is some construct that NEEDS to be interpreted to gain
| something, it can be justified on that basis. Using interpretive
| runtimes just to link languages, or just to achieve portability
| when source code portability
And then there's write once, run anywhere. Yeah ... right. I've run
Java applets, and Javascript applets, and the latter are vastly superior
for performance, and worse, all too often the Java applets are not run
anywhere, they only run on very specific JVM implementations.
You really can't
On 11/9/06, SZALAY Attila [EMAIL PROTECTED] wrote:
Hi All,
On Thu, 2006-11-09 at 10:20 +1100, mikeiscool wrote:
You can definitely get appropriate information via the stack trace
with java's exception handling. It's strange to see you say debugging
is _easier_ in c, typically people
On 11/8/06, SZALAY Attila [EMAIL PROTECTED] wrote:
Hi All!
On Mon, 2006-11-06 at 23:23 +1100, mikeiscool wrote:
Hold the phone ... What debugging problems? What _specific_ speed
issues? I'd be really surprised if your project couldn't be resolved
with java; what specific problems
On 11/6/06, SZALAY Attila [EMAIL PROTECTED] wrote:
Hi All!
I read this thread and I am a little afraid. I'm just ahead of a complete
rewriting of my program. The previous code was written in pure C (with
an OOP looks-like somewhere).
This program should run on Linux, freebsd and windows
On 10/28/06, David Crocker [EMAIL PROTECTED] wrote:
Crispin Cowan wrote:
For me, the enemy in the room is C++. It gives you the safety of C with the
performance of SmallTalk. There is no excuse at all to be writing anything in
C++ yet vastly too many applications are written in C++ anyway.
On 10/13/06, Craig E. Ward [EMAIL PROTECTED] wrote:
At 10:03 AM -0400 10/12/06, ljknews wrote:
At 9:20 AM -0400 10/12/06, Robert C. Seacord wrote:
I'm also teaching a course at CMU in the spring on Secure Coding in C
and C++.
Is there participation on this list from the (hopefully
On 10/12/06, Gadi Evron [EMAIL PROTECTED] wrote:
So, how can we edit current basic programming college books to present
secure code, a couple of words of the correct way of doing things, and a
whole new chapter on secure coding (which may be redundant?)
How do we start?
Some Whiley book
On 10/13/06, David A. Wheeler [EMAIL PROTECTED] wrote:
mikeiscool claimed:
Secure programming is good programming.
Most books teach good programming.
I strongly disagree with you, on both counts.
As is your right :)
At the least, those who say they practice good programming
practices
good or bad, it's quite old. www.koders.com has been doing it for
years. considering the source is available for anyone to download
anyway, and investigate themselves, i don't see the big deal. the
engines just let you search a whole bunch at once, and why would any
one company/product care about
On 9/1/06, Pascal Meunier [EMAIL PROTECTED] wrote:
On 8/30/06 3:46 PM, Tim Hollebeek [EMAIL PROTECTED] wrote:
What you've proposed are exceptions. They do help (some) in separating
the normal logic from error handling, but:
(1) they often leave the job half done which has its own
On 7/26/06, Kenneth Van Wyk [EMAIL PROTECTED] wrote:
FYI, I saw an interesting article today on IBM's web site detailing how to
(and how NOT to) use encryption within PHP code. Those interested can find
the article at:
Sorry, but it is a fact. Yes, you can have provably correct code. Cost
is approximately $20,000 per line of code. That is what the procedures
required for correct code cost. Oh, and they are kind of super-linear,
so one program of 200 lines costs more than 2 programs of 100 lines.
Someone
On 7/21/06, Florian Weimer [EMAIL PROTECTED] wrote:
* Brian A. Shea:
My slogan:
Unsecured Applications = Unsecured Business
Which is completely acceptable if you and your business partners are
aware of the risk level at which you are running your company.
Secure software costs more,
On 7/21/06, Dana Epp [EMAIL PROTECTED] wrote:
yeah.
but none of this changes the fact that it IS possible to write
completely secure code.
-- mic
And it IS possible that a man will walk on Mars someday. But it's not
practical or realistic in the society we live in today. I'm sorry mic,
On 7/20/06, Andrew van der Stock [EMAIL PROTECTED] wrote:
Actually, it is a myth.
For every non-trivial system, there are business pressures on
resourcing, deadlines, and acceptable quality (pick any two). Once a
business has set their taste for risk, it makes no sense to spend say
$10m on
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
mikeiscool wrote:
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
Goertzel Karen wrote:
I've been struggling for a while to synthesise a definition of secure
software that is short and sweet, yet accurate and comprehensive.
My
20 matches