How Do You Know Your Code is Secure?
bvc writes "Marcus Ranum notes that 'It's really hard to tell the difference between a program that works and one that just appears to work.' He explains that he just recently found a buffer overflow in Firewall Toolkit (FWTK), code that he wrote back in 1994. How do you go about making sure your code is secure? Especially if you have to write in a language like C or C++?"
You don't (Score:5, Funny)
Verified (Score:5, Funny)
Shovel method (Score:5, Funny)
Easy (Score:5, Funny)
Re:What's the matter with C/C++? (Score:5, Funny)
Yeah, a gun by itself is not insecure either....
Try giving it to a baby.....
Well, I prefer a baby with a knife... I can still run faster than him...
Re:Some possibilities (Score:5, Funny)
In the words of the great Donald Knuth, "Beware of bugs in the above code; I have only proved it correct, not tried it."
Don't let them use it where it matters (Score:5, Funny)
regards,
The author of sendmail
Re:You don't (Score:2, Funny)
Sorry CockMonster, with today's DNA testing, getting others to participate in your virgin sacrifice wouldn't save you if you had a buffer overflow.
*Warning* as appropriate as prophylactic might seem under its definition for use in the computer industry when talking about firewalls, sandboxes, etc, please keep in mind that some female is probably going to holler sexual harassment when they hear it. Just as they would if you mentioned their stack overflow.
Half a solution (Score:4, Funny)
Make it part of the critical path in music DRM. Then you know it's not secure.
Not sure about the flip-side, though.
Re:Don't use C++ as if it was only "C with classes" (Score:2, Funny)
If it compiles... (Score:3, Funny)
It's that simple!
Re:Assume failure (Score:5, Funny)
You know you're a geek when... (Score:5, Funny)
Re:Easy (Score:4, Funny)
The first version seems to be quite secure as well, because it is likely to crash immediately, and obvious crashes will usually get fixed quickly.
Hint: What is the format string in sprintf("Enter something: "); and where will the output go?
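To spell out the hint for readers who want to see the safe shape of the call, here is an added C example (my own, not code from the thread or from FWTK). In sprintf("Enter something: ") the string literal occupies the destination-buffer slot, the format argument is missing entirely, and any output lands on read-only memory, which is why it crashes on the spot. The example keeps the three roles apart: a bounded destination first, a literal format string second, and runtime text (a label containing "%x" is constructed as the sample input) passed as data through %s, never as the format. The function names build_prompt, print_prompt and prompt_for and the PROMPT_MAX size are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not from the thread: the safe counterpart of the
 * sprintf("Enter something: ") call discussed above. The buffer size
 * and function names are assumptions of this example. */
#define PROMPT_MAX 32

/* Builds "<label>: " into dst. Returns the number of characters written,
 * or -1 if the result would not fit (snprintf reports the full length it
 * wanted, so n >= dstlen means truncation). */
int build_prompt(char *dst, size_t dstlen, const char *label)
{
    if (dst == NULL || dstlen == 0 || label == NULL)
        return -1;
    /* label is data: it travels through %s, so a '%' inside it stays literal. */
    int n = snprintf(dst, dstlen, "%s: ", label);
    if (n < 0 || (size_t)n >= dstlen) {
        dst[0] = '\0';          /* never hand back a half-built prompt */
        return -1;
    }
    return n;
}

/* Writes the prompt to a stream without ever using runtime text as a format.
 * Returns 1 on success, 0 on failure (same reasons as build_prompt). */
int print_prompt(FILE *out, const char *label)
{
    char buf[PROMPT_MAX];
    if (build_prompt(buf, sizeof buf, label) < 0)
        return 0;
    /* fputs, not printf(buf): the buffer may carry a user-supplied '%'. */
    return fputs(buf, out) >= 0;
}

/* Convenience for stand-alone checks: builds into a static buffer and
 * returns it, or "" when the label does not fit. */
const char *prompt_for(const char *label)
{
    static char buf[PROMPT_MAX];
    return build_prompt(buf, sizeof buf, label) < 0 ? "" : buf;
}

int main(void)
{
    /* Constructed sample input that deliberately contains a conversion
     * specifier; because it is passed as data, it is printed verbatim. */
    const char *sample = "Enter %x something";
    printf("built: \"%s\"\n", prompt_for(sample));
    print_prompt(stdout, "Enter something");
    putchar('\n');
    /* A label longer than the buffer is refused rather than truncated. */
    printf("oversized label accepted: %s\n",
           prompt_for("this label is far longer than the thirty-two byte buffer")[0]
               ? "yes" : "no");
    return 0;
}
```

The compile-time side of the same discipline is a literal format string at every call site: with GCC or Clang, -Wformat -Wformat-security will flag a printf whose format is a variable, which is exactly the mistake the hint is pointing at.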
Re:Same way you hunt bugs (Score:3, Funny)
Especially focus on validating usernames and passwords against an SQL database. That's my favorite.
I doubt this guy's a security expert (Score:2, Funny)
Re:The only sure way I know of: Lambda calculus (Score:2, Funny)
Re:What's the matter with C/C++? (Score:1, Funny)
Re:I don't. (Score:2, Funny)