Rahul Chander Kashyap <rahulat_private> said:

>>So, how about directing our focus with an aim at reaching ...
>>some kind of a standard/practice which aims at following
>>certain guidelines to be taken at the design stage of any software
>>development process ...
>>yes there are books.. i agree but then if we follow something as a standard
>>i'm sure that it shall be more universally accepted and we also could improve
>>on those! ...
>>But from our/the
>>developer point of view shouldn't we have a practice that should be adhered to??
>>(Say this could start from as simple a thing like ONLY using checked
>>functions like strncpy() instead of strcpy.)

I'm a strong supporter of useful standards, but the emphasis has to be on "useful". For example, you can have perfectly insecure code using strncpy(). See my book for why that's so. Cookie cutters don't work well here.

A standard "guidance" document could be useful; the existing books could be used as a starting point. But it requires much more text - it's not just "don't use function X, use function Y".

But if you really want secure code, the MOST important thing is to get developers trained in how to write secure programs. The basic problem isn't that we need better books or guidance. The problem is that developers don't grok _ANY_ of the books. In short, you only need one meta-practice: if you're a developer, you MUST sit down and learn how to write secure code. Period. Lots of other things can help (e.g., languages/libraries with fewer "sharp edges", processes, tools, etc.) - but they will _all_ fail badly if developers don't know how to do the job.

I half-seriously think we should shut down every CS or Software Engineering department that doesn't devote at least two hours to the subject of how to develop your own secure software. NOT "how the DES algorithm/Kerberos/IPSec/firewalls work". Because, in the real world, people don't re-write DES - they implement their own code, and tend to make the same mistakes as everyone else did before them. Now that the Internet is ubiquitous, EVERY developer has to write secure code at some time - it's a result of being interconnected.

Grab any of the books I mentioned (mine, Howard's, Viega's) and use that as a resource. Talk through the S&S principles, walk through the most common types of vulnerabilities in real programs and how to avoid them. In one hour a developer can learn enough to avoid 99% of the mistakes currently being made. I've done this many times. You can even download my 1-hour talk and slides for free from:
http://www.dwheeler.com/secure-programs

It's criminal that we can't figure out how to get that 1-2 hours.

---
David A. Wheeler
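The point above that "just use strncpy()" is not a cookie-cutter fix, shown as an added C example (not code from the original post or from the book it refers to; the 8-byte buffer and the sample inputs are constructed): strncpy() stops copying at the size limit but does not guarantee a terminating NUL, so a later strlen() or printf("%s") can read past the buffer. The bounded_copy() helper below always terminates and reports truncation to the caller.

```c
#include <stdio.h>
#include <string.h>

#define BUF 8   /* constructed small buffer so the edge case is easy to hit */

/* The naive "replace strcpy with strncpy" fix. Returns 1 if the copy left a
 * NUL terminator inside the buffer, 0 if it did not (strlen(src) >= BUF).
 * In the 0 case any later string function would read past dst. */
int naive_strncpy_terminated(const char *src)
{
    char dst[BUF];
    strncpy(dst, src, sizeof dst);              /* may leave no NUL at all */
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Safe pattern: bounded copy that always NUL-terminates.
 * Returns 0 on success, -1 if src had to be truncated (the caller decides
 * whether truncation is acceptable or an error for this field). */
int bounded_copy(char *dst, size_t dstsz, const char *src)
{
    if (dstsz == 0)
        return -1;
    size_t n = strlen(src);
    if (n >= dstsz) {                           /* would not fit with NUL */
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);                    /* includes the NUL */
    return 0;
}

int main(void)
{
    char out[BUF];
    const char *inputs[] = { "short", "12345678" };   /* constructed samples */
    for (size_t i = 0; i < 2; i++) {
        int term = naive_strncpy_terminated(inputs[i]);
        int rc = bounded_copy(out, sizeof out, inputs[i]);
        printf("%-10s strncpy terminated=%d  bounded_copy rc=%d -> \"%s\"\n",
               inputs[i], term, rc, out);
    }
    return 0;
}
```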
This archive was generated by hypermail 2b30 : Thu Jan 02 2003 - 18:45:39 PST