Secure coding initiatives can only buy you so much. Most attackers are going to utilize client side attacks (think PDF, SWF, etc) rather than coming in through the "certified secure" front door. Also, operational security is more likely to burn you than your code (bad patching, misconfiguration and other miscellaneous bits of human error).
Slashdot Mirror
Secure coding initiatives can only buy you so much. Most attackers are going to utilize client side attacks (think PDF, SWF, etc) rather than coming in through the "certified secure" front door. Also, operational security is more likely to burn you than your code (bad patching, misconfiguration and other miscellaneous bits of human error).