Mailing List Archive



Re: [tlug] The Peon's Guide to Secure System Development



Skipped this when I saw it on Bugtraq 'cause the author's "Abstract"
made it sound like it would be a rant.

Well, in a way it is, but one worth reading.

Thanks for the heads up.
E

On Sun, Nov 17, 2002 at 02:43:44PM +0900, A. Sajjad Zaidi wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Saw this on Bugtraq recently. Should be useful to both developers and
> admins:
> 
> 
> Abstract:
> 
> Increasingly incompetent developers are creeping their way into
> important projects. Considering that most good programmers are pretty
> bad at security, bad programmers with roles in important projects are
> guaranteed to doom the world to oblivion. The author feels that a step
> towards washing himself clean of responsibility is by writing this
> document. Checking your memcpy() and malloc() calls have been lectured
> to death. It's not working. The approach used by this document is to
> instead shame developers into producing better systems. Enjoy.
> 
> 
> To save bandwidth, the interested parties may find the rest at
> the following URL, in several formats:
> 
> 
>     http://m.bacarella.com/papers/secsoft/
> 
> 
> - -- 
> A. Sajjad Zaidi
> System Administrator
> Technology & Operations Div.
> Digital Garage Inc.

