Friday, March 13, 2009

RSnake, Newspapers and Programming Errors

The CWE / SANS Top 25 Most Dangerous Programming Errors has been published. It reminded me of something I read recently along the lines of "show me a newspaper with no typos and I'll show you software with no bugs". Programmers are human; errors occur.

Robert "RSnake" Hansen touched on some of those top errors in his presentation at NITES recently. Having had the pleasure of chatting with Robert on his "everything is insecure" stance, I'd actually re-write that quotation as: "show me a newspaper with no typos and I'll show you software that has no known security flaws". Errors are fixed. But hackers are human. They'll think of new ways of breaking software. Humans are inventive after all.

Software development - like anything - has risks. Managing the risks is what's important. Adopt a layered approach. If you have anything to do with software development and don't know what those risks are, educate yourself.

B
