Slashdot Mirror


How to Develop Securely

An anonymous reader writes "This column explains how to write secure applications; it focuses on the Linux operating system, but many of the principles apply to any system. In today's networked world, software developers must know how to write secure programs, yet this information isn't widely known or taught. This first installment of the Secure programmer column introduces the basic ideas of how to write secure applications and discusses how to identify the security requirements for your specific application. Future installments will focus on different common vulnerabilities and how to prevent them."

1 of 47 comments

  1. Re:How to develop securely in 4 words by Curien · Score: 4, Insightful

    How about (radical idea coming) we just all use the functions correctly! strcpy is not inherently insecure, it just doesn't check anything /for/ you. strncpy doesn't guarantee a terminating null character, so you have to (gasp!) check for it.

    The main problem with strlcpy is that it's not standard, hence it may not be available on your target platform.

    --
    It's always a long day... 86400 doesn't fit into a short.
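
The points raised in the comment above, as an added example that is not part of the original post: `strncpy` leaving a buffer unterminated, and a bounded copy written with only ISO C functions for platforms where `strlcpy` is unavailable. The helper names `copy_checked` and `strncpy_left_unterminated` and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy src into dst (capacity cap) using only ISO C.
 * Always NUL-terminates when cap > 0. Returns 0 on success, -1 if src
 * had to be truncated or the arguments are unusable. */
int copy_checked(char *dst, size_t cap, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    len = strlen(src);
    if (len >= cap) {               /* no room for src plus terminator */
        memcpy(dst, src, cap - 1);
        dst[cap - 1] = '\0';
        return -1;                  /* caller must treat truncation as an error */
    }
    memcpy(dst, src, len + 1);      /* len + 1 copies the terminator too */
    return 0;
}

/* Returns 1 if strncpy left dst without a terminator, 0 otherwise. */
int strncpy_left_unterminated(char *dst, size_t cap, const char *src)
{
    strncpy(dst, src, cap);
    return memchr(dst, '\0', cap) == NULL;
}

int main(void)
{
    char buf[8];
    const char *input = "constructed-input";   /* constructed sample, 17 chars */

    if (strncpy_left_unterminated(buf, sizeof buf, input)) {
        buf[sizeof buf - 1] = '\0';             /* the check strncpy leaves to the caller */
        printf("strncpy: no terminator, fixed by hand: %s\n", buf);
    }
    if (copy_checked(buf, sizeof buf, input) != 0)
        printf("copy_checked: truncated to \"%s\"\n", buf);
    if (copy_checked(buf, sizeof buf, "short") == 0)
        printf("copy_checked: ok \"%s\"\n", buf);
    return 0;
}
```

Reporting truncation through the return value matters as much as the terminator: a silently shortened path, hostname or username can be a security bug in its own right.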