> > And one more thing...<this one might be intresting ;-)> Is it > > possible > > to write code that is completely secure and not exploitable? > > This is just a specific case of the question "Is it possible > to write totally bug-free code"? And yes, it's *possible* to > write bug-free code. The problem is that it's incredibly > difficult to manage the development process in such a way > that bugs are totally prevented - remember that humans are > writing the code, and humans are.. well... human. ;) The problem is not in writing code in which bugs are "totally prevented". It's in knowing that what you have written is bug (i.e. fault) -free. The only way to know this is to test your program with *all possible* inputs, which is impossible for all but the most trivial programs. Thus, you can never know that what you have written is in fact bug free. Unfortunately, this applies to writing secure programs as well. Sure, there are practices that we can utilize that will help us make our code more secure, but we can never be sure that is "totally secure". Roger Alexander. Roger T. Alexander Associate Professor Department of Computer Science Colorado State University
This archive was generated by hypermail 2b30 : Fri Dec 27 2002 - 22:05:16 PST