[kwlug-disc] Security arguments

john at netdirect.ca john at netdirect.ca
Wed Sep 23 17:03:53 EDT 2009


kwlug-disc-bounces at kwlug.org wrote on 09/23/2009 03:58:54 PM:

> From: "L.D. Paniak" <ldpaniak at fourpisolutions.com>
> 
> There is implication 0.5:
> 
> If you make your code absolutely secure at the cost of making it too
> hard for newbies to use, then no one will be able to afford software
> developers. Or software.
> 
> Windows 8 would cost $500 for the upgrade version and there would be a
> lot fewer open source projects in the world.
> 
> As with anything, it is a cost-benefit balance.  You could spend 3 years
> debugging your code and make sure it is airtight, or you can get it out
> the door today and get your paycheque.
> 
> What is security worth to you in time and $$? That is going to determine
> how secure your code or website is.

The most damaging bugs found in web applications, code injection, are 
handled through easy to program and use escape functions or handy SQL 
calls.

A lot of security would be gained if the tutorial mentioned this key 
practice.

I was formally taught programming, almost 20 years ago now, and very 
little (nothing?) was taught about security, but we were taught about 
buffer overruns, because of the potential for bugs, not the security.

Today I hope that students are taught to inspect all input data.
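
An added example, not part of the original message: the "handy SQL calls" and "escape functions" mentioned above, shown as a concatenated query beside a parameterized one, plus escaping on output. The table, function names and sample inputs are all constructed for illustration.

```python
import html
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.org"), ("bob", "bob@example.org")],
    )
    return db


def lookup_concatenated(db, name):
    """The 'before': input is pasted into the SQL text and parsed as SQL."""
    query = "SELECT email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """The 'after': the ? placeholder passes input as data, never as SQL."""
    query = "SELECT email FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


def render_greeting(name):
    """Escape on output so markup in the input is displayed as text."""
    return "<p>Hello, " + html.escape(name) + "</p>"


# Constructed inputs containing SQL and HTML metacharacters.
QUOTED_NAME = "nobody' OR '1'='1"
MARKUP_NAME = "<b>bob</b>"

if __name__ == "__main__":
    db = make_db()
    # Concatenation: the quote ends the string literal, so the WHERE
    # clause is rewritten by the input and every row is returned.
    print(lookup_concatenated(db, QUOTED_NAME))
    # Placeholder: the whole input is compared as a name; nothing matches.
    print(lookup_parameterized(db, QUOTED_NAME))
    print(render_greeting(MARKUP_NAME))
```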




