Hosting Provided By

RE: Writing Secure code

From: Jeremy Epstein <jepstein(at)webmethods.com>
Date: Fri Dec 27 2002 - 12:46:05 EST

> And one more thing...<this one might be interesting ;-)> Is it possible
> to write code that is completely secure and not exploitable?

Yes.

main() { exit(0); }

is completely secure and not exploitable. Beyond that, you're on your own :-)

I think what you really mean is "is it possible to write code THAT DOES SOMETHING USEFUL that is completely secure and not exploitable". In general, the answer is "no". Any program of even moderate complexity, by today's standards, includes so much baggage that it's impossible to say with absolute certainty that it's secure. Even if there's no vulnerabilities in your code, the stuff you drag in (e.g., DLLs) is highly likely to have problems.

--Jeremy Received on Fri Dec 27 14:37:42 2002

This message: [ Message body ]
Next message: Valdis.Kletnieks(at)vt.edu: "Re: Writing Secure code"
Previous message: Dana Epp: "Re: Writing Secure code"
In reply to: Rahul Chander Kashyap: "Writing Secure code"
Next in thread: Valdis.Kletnieks(at)vt.edu: "Re: Writing Secure code"
Reply: Valdis.Kletnieks(at)vt.edu: "Re: Writing Secure code"
Reply: Valdis.Kletnieks(at)vt.edu: "Re: Writing Secure code"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT