Re: Thanks! Re: good anti-virus software to use?
On Fri, 2006-04-21 at 22:23 -0400, Roberto C. Sanchez wrote:
> Christopher Nelson wrote:
> > On Fri, Apr 21, 2006 at 02:21:14PM -0600, Monique Y. Mudama wrote:
> >
> >>Or even more often, PHP scripts that you write yourself!
> >
> > Yes of course, but those aren't usually intentionally insecure ;) If
> > they are, you might want to see someone about it... But I (foolishly)
> > assumed that someone writing their own would realise the security risks.
> >
>
> It's funny how people overestimate their own ability to write secure
> code. At one point, I though I knew how to write secure code. Then, as
> part of my Master's courses, I took a course on secure software design.
> Mind you, this was a lot of high-level stuff. We did some shell
> scripting and some C coding. Overall, I was stunned at how easy it is
> to make mistakes that are exploitable. I know that some modern
> languages and compilers try and mitigate some of the vulnerabilities,
> but it is still easy to make mistakes.
>
> The best point that I learned in that class was that security absolutely
> must be part of the design from the very beginning if it is to have any
> sort of effect. Otherwise, you are stuck bolting it on after the fact,
> which usually does not work so well.
Unless you write with a secure language like COBOL.
--
-----------------------------------------------------------------
Ron Johnson, Jr.
Jefferson, LA USA
"(Women are) like compilers. They take simple statements and
make them into big productions."
Pitr Dubovitch
Reply to: