
Re: Writing Secure code

From: John Viega <viega(at)list.org>
Date: Fri Dec 27 2002 - 15:57:50 EST


Oh, come on. Let's not argue about stupid semantic issues when we're all on the same page. It's quite clear that one *can* build a piece of software that is not in and of itself exploitable through a flaw in the software. By that, I mean "you can't leverage remote resources for your own gain", which is what most people are talking about when they ask the question in the first place.

Saying the system that software's a part of still has risks such as DoS or physical attacks is true and obvious, but is not really germane to me given the question, because an issue with the software application itself. For example, there aren't many techniques at the application level that are effective at countering DoS measures, etc.

I'm not furthering any sort of myth; I was pointing out the reality of the situation is worse than people think. If you read Jeremy Epstein's comments as well, you'll see that environmental concerns with regard to the software (e.g., Operating System and dependent libraries) make things even harder.

John

On Friday, December 27, 2002, at 04:54 PM, Alex Russell wrote:

> On Friday 27 December 2002 11:43, John Viega wrote:
Received on Fri Dec 27 22:48:03 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT

