Secure Programming Practices (Was Re: Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?))
igb at batten.eu.org
Tue Aug 10 07:39:36 BST 2010
> In the same spirit and as you note, it is possible (I would say
> straightforward) to write secure code in most anything. All you
> need is
> knowledge, experience and discipline. Unfortunately, very few
> programmers possess all qualities at the same time.
In part, I think, because a lot of secure practices rely on an
infinite capacity for believing the worst of things, a cynicism that
comes with age, and one of the things that tends to happen to
experienced and competent coders is that they end up doing things one
or more steps removed from the code face instead.
I guess we all acquire habits that help over the years. Personally,
whatever language I'm working in I use a very poor man's version of
programming by contract and throw assertions all over the place, on
the assumption that calling conventions into every block will be
abused. And slightly more unusually, for any code with non-trivial
memory requirements I write my own allocate/de-allocate wrapper around
the local mechanism in order to count creation and destruction, and
write a structure walker that will count everything that's in use.
This comes from doing my undergrad project on Multics, where each
invocation of a program is a subroutine call rather than a Unix-style
new process, and therefore where a long day's coding is made far more
tedious by slowly leaking memory and having to create a new process,
which takes ages.
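The allocation wrapper and structure walker described in the post, as an added C example that is not the author's own code: the allocator is wrapped so creations and destructions are counted, a walker counts what is actually reachable, and an assertion-style check compares the two so a leaked node shows up immediately. All names (counted_alloc, list_count, leak_check and so on) are hypothetical.

```c
#include <assert.h>
#include <stddef.h>
#include <stdlib.h>

/* Creation/destruction counters behind the wrapper (hypothetical names). */
static size_t g_allocs = 0, g_frees = 0;

/* Wrap the local allocator so every allocation and release is counted. */
void *counted_alloc(size_t n) {
    void *p = malloc(n);
    if (p) g_allocs++;
    return p;
}
void counted_free(void *p) {
    if (p) { g_frees++; free(p); }
}
size_t live_allocations(void) { return g_allocs - g_frees; }

typedef struct node { int value; struct node *next; } node;

node *list_push(node *head, int v) {
    node *n = counted_alloc(sizeof *n);
    assert(n != NULL);                 /* contract: allocation must succeed here */
    n->value = v; n->next = head;
    return n;
}

/* Structure walker: count every node still reachable from head. */
size_t list_count(const node *head) {
    size_t c = 0;
    for (; head; head = head->next) c++;
    return c;
}

void list_free(node *head) {
    while (head) { node *next = head->next; counted_free(head); head = next; }
}

/* Leak check: what the walker finds in use must equal outstanding allocations. */
int leak_check(const node *head) { return list_count(head) == live_allocations(); }

/* Build a list, unlink a node without freeing it (a deliberate leak), and show
   that the check passes before the leak and fails after it. */
int demo_leak_detected(void) {
    node *head = NULL;
    for (int i = 0; i < 3; i++) head = list_push(head, i);
    int ok_before = leak_check(head);        /* walker 3, allocations 3 */
    node *lost = head; head = head->next;    /* leaked: unreachable but not freed */
    int ok_after = leak_check(head);         /* walker 2, allocations 3 */
    counted_free(lost); list_free(head);     /* clean up so counters return to 0 */
    return ok_before && !ok_after && live_allocations() == 0;
}
```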
More information about the ukcrypto