[tlug] The Peon's Guide to Secure System Development

["A. Sajjad Zaidi" <sajjad@example.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Saw this on Bugtraq recently. Should be useful to both developers and
admins:


Abstract:

Increasingly incompetent developers are creeping their way into
important projects. Considering that most good programmers are pretty
bad at security, bad programmers with roles in important projects are
guaranteed to doom the world to oblivion. The author feels that a step
towards washing himself clean of responsbility is by writing this
document. Checking your memcpy() and malloc() calls have been lectured
to death. It's not working. The approach used by this document is to
instead shame developers into producing better systems. Enjoy.


To save bandwidth, the interested parties may find the rest at
the following URL, in several formats:


    http://m.bacarella.com/papers/secsoft/


- -- 
A. Sajjad Zaidi
System Administrator
Technology & Operations Div.
Digital Garage Inc.
gpg --keyserver pgp.mit.edu --recv-keys 267E0D0E

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE91yyOt1KjqyZ+DQ4RAtKAAJ90Jpk1FiogKtpp5q4arn3yGdLCsACgjLrP
LXphFZ58F+il6Au4maK/YZY=
=m9qk
-----END PGP SIGNATURE-----