Subject: Re: BitchX /ignore bug
From: Bluefish (11aGMX.NET)
Date: Sat Jul 08 2000 - 16:14:47 CDT


It's one way to look at it. But on the other hand, most developers *ought*
to be aware of secure coding. Because it won't be the same people who
write well-known Unix daemons who write the billions of softwares which
eventually might be used to handle important data. To fix bugs in
operating systems and other software commonly analyzed by "the security
community" is important, but there are tons of other programs out there
which will end up containing bugs if people with little knowledge
of security are left to write them.

I don't think it's a very good idea that this is entirely up to be taught
in mailing lists or to be read from the web. It won't change over a
night, but I think that in time this will change.

> the code itself, but on the underlying protocols and concepts. Again, it
> was taught in java. A thorough examination of what constitutes a stack
> overflow exploit in C, and writing secure code in general, are concepts
> that might best be taught to beginning programmers by the security /
> programming community itself, by making instructional docs available
> online (if they aren't now), because they're not going to show up on an
> academic curriculum any time soon. You've got to take care of your own.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team