Secure Programming Practices (Was Re: Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?))

Ian Batten igb at batten.eu.org
Tue Aug 10 07:39:36 BST 2010


> In the same spirit and as you note, it is possible (I would say
> straightforward) to write secure code in most anything.  All you
> need is knowledge, experience and discipline.  Unfortunately, very few
> programmers possess all qualities at the same time.


In part, I think, because a lot of secure practices rely on an
infinite capacity for believing the worst of things, a cynicism that
comes with age, and one of the things that tends to happen to
experienced and competent coders is that they end up doing things one
or more steps removed from the code face instead.

I guess we all acquire habits that help over the years.  Personally,
whatever language I'm working in I use a very poor man's version of
programming by contract and throw assertions all over the place, on
the assumption that calling conventions into every block will be
abused.  And slightly more unusually, for any code with non-trivial
memory requirements I write my own allocate/de-allocate wrapper around
the local mechanism in order to count creation and destruction, and
write a structure walker that will count everything that's in use.
This comes from doing my undergrad project on Multics, where each
invocation of a program is a subroutine call rather than a Unix-style
new process, and therefore where a long day's coding is made far more
tedious by slowly leaking memory and having to create a new process,
which takes ages.
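The counting wrapper and structure walker described in the post, as an added example in C that is not the poster's own code: the wrapper tallies allocations and frees, the walker counts nodes reachable from a list head (a singly linked list is assumed here as the structure), and `leaked_blocks` reconciles the two so a lost block shows up as a non-zero count.

```c
/* Added example, not the original poster's code: a counting allocate/free
 * wrapper plus a structure walker, so the allocator's count of live blocks
 * can be reconciled against what the data structure still references. */
#include <assert.h>
#include <stdlib.h>

static size_t g_allocs = 0;  /* successful xmalloc calls */
static size_t g_frees = 0;   /* xfree calls on a real block */
struct node { int value; struct node *next; };

static void *xmalloc(size_t n) {
    void *p = malloc(n);
    assert(p != NULL);       /* contract: callers never handle NULL */
    g_allocs++;
    return p;
}

static void xfree(void *p) {
    if (p == NULL) return;   /* free(NULL) is a no-op; do not count it */
    g_frees++;
    free(p);
}

size_t blocks_in_flight(void) { return g_allocs - g_frees; }  /* wrapper's view of live blocks */

/* Structure walker: count every node reachable from the head. */
size_t walk_count(const struct node *head) {
    size_t n = 0;
    for (; head != NULL; head = head->next) n++;
    return n;
}

struct node *push(struct node *head, int value) {
    struct node *n = xmalloc(sizeof *n);
    n->value = value;
    n->next = head;
    return n;
}

void free_list(struct node *head) {
    while (head != NULL) { struct node *next = head->next; xfree(head); head = next; }
}

/* Leak check: live blocks the walker cannot reach from head. The assertion
 * fires if a node that was freed is still linked in (a dangling pointer). */
size_t leaked_blocks(const struct node *head) {
    size_t live = blocks_in_flight(), reachable = walk_count(head);
    assert(reachable <= live);
    return live - reachable;
}
```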