Wed, 30 Jun 2004

Blame Bad Security on Sloppy Programming

From the article in question:

These tools (lint, etc.) have existed for years but are not popular. Why? Because they generate a lot of warnings, and, as countless software engineers have pointed out, it's time-consuming to sift through the spurious warnings looking for the ones that really matter. I've got news for them: there is no such thing as a warning that doesn't matter. That's why it warns you. Anyone who has worked with enough code will tell you that, generally, software that compiles without warnings crashes less often.

And all the programmers said: Right on! I always set my compilers for full warnings, and I recheck and recompile until I get a completely clean build. It's only logical, after all, but logic is too often ignored in production programming, mostly in the interest of speed.

An old friend of mine was fond of telling the marketing droids that their choices were:

  • quality code
  • on time
  • under budget
He'd then ask them to pick two.

ACM Queue has an article that blames security flaws on poor programming, rather than any inherent problems with particular languages. From the article: 'Remember Ada? ... we tried getting everyone to switch to a 'sandboxed' environment with Java in the late 1990s... Java worked so well, Microsoft responded with ActiveX, which bypasses security entirely by making it easy to blame the user for authorizing bad code to execute.'

(link) [Slashdot]

/Technology | 0 writebacks | permanent link


comment...

 
Notes: If you put a <mailto:> link in the URL field your address will not be mangled: this could be a bad idea as your email address could be easily harvested by bots designed for SPAM. The comments field should now format correctly for line feeds and carriage returns: when you hit the 'Enter' or 'Return' keys in your comment it should break to a new line. The text should wrap cleanly. Please let me know if it doesn't. No HTML tags will pass through - entering links seems to be the main cause of comment SPAM. Also, please be sure that Javascript is enabled in your browser before attempting to post a writeback. Sorry for any inconvenience, but this really helps cut down on the amount of comment SPAM I have to deal with.
 
 Name:
 URL:(optional)
 Title: (optional)
 Comments:  
Save my Name and URL/Email for next time