Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > secprog > 02 > 120162.html (Request Expert securityfocus.com Support)

RE: Writing Secure code

From: Matt McClellan <mmcclellan(at)nfr.com>
Date: Mon Dec 30 2002 - 07:41:05 EST

A proposal:

Since a lot of the discussion on this thread (including my own contributions) has focused on semantic issues such as defining "secure code", why not take a stab at a working definition for secure code so we can get down to brass tacks?

For starters, let's go with a paraphrase of the definition provided by John Viega:

   Code that is not in and of itself exploitable through a flaw    its implementation.

with the following stipulations:

  1. It is not practical to determine whether or not non-trivial code is "bug-free". As stated before, that would require testing all possible paths with all possible inputs in all possible environments. Even if it was possible, it would be extremely tedious. :-)
  2. Generally, the developer can only control how input to the program (including return codes, signals, etc) is handled, not how external resources function. For example, the developer can't really do squat if Oscar P. Malware trojans libc so that it transmits the data from each and every *printf call to his dark black hat lair.

--McC 

-- 
Matt McClellan               Sr. Software Engineer
mmcclellan@nfr.com           NFR Security, Inc.
Received on Tue Dec 31 03:27:41 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT

Do you need help?X
Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library