Re: Article on writing secure software

Jim Dennis (jimd@STARSHINE.ORG)
Tue, 07 Apr 1998 03:06:40 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Greg Alexander: "Linux libc5.4.33 dumbness w/ mk[s]temp()"
Previous message: Joe: "BIND 4.9.7 named follows symlinks, clobbers anything."
Maybe in reply to: Trane Francks: "Article on writing secure software"

>>>>> Adam == Adam Shostack <adam@HOMEPORT.ORG> writes:
>>>>> TF == Trane Francks
TF> Perhaps I'm preaching to the converted here, but I found an
TF> interesting article in SunWorld Online regarding security and
TF> the software we write. It might be considered mandatory reading
TF> for new programmers....
TF>
TF> Take a look at:
TF>
TF> http://www.sun.com/sunworldonline/swol-04-1998\
TF> /swol-04-security.html?040198i

Adam> If Aleph oks it, I'll plug a set of code review guidelines I
Adam> wrote about a year ago:
Adam> http://www.homeport.org/~adam/review.html

I hope everyone here has also read one of the extent classics in
this rarefied field:

Matt Bishop's Writing Secure SUID Programs
http://olympus.cs.ucdavis.edu/~bishop/secprog.html

--
Jim Dennis  (800) 938-4078              consulting@starshine.org
Proprietor, Starshine Technical Services:  http://www.starshine.org
        PGP  1024/2ABF03B1 Jim Dennis <jim@starshine.org>
        Key fingerprint =  2524E3FEF0922A84  A27BDEDB38EBB95A

Next message: Greg Alexander: "Linux libc5.4.33 dumbness w/ mk[s]temp()"
Previous message: Joe: "BIND 4.9.7 named follows symlinks, clobbers anything."
Maybe in reply to: Trane Francks: "Article on writing secure software"