Updated: 8/12/2003; 11:00:24 AM.
John Bristowe's Weblog
public class JohnBristowe : Plumber, ITookTheRedPill { ... }
        

Tuesday, August 27, 2002

Coding For Failure

http://msdn.microsoft.com/msdnmag/issues/02/09/SecurityTips/

A subset of this list easily constitutes part of the "The Ten Commandments" of writing secure code. Michael Howard and Keith Brown hit the nail on the head with list item #8 (Pay Attention to Failure Modes).

In my opinion, "pessimistic programming" is the best form of defense against exploits. Murphy's Law decrees that a developer should expect things to fail eventually. However, this style of programming is ignored far too often; the reality of business focusing on features rather than on security or "trustworthy computing".


12:25:17 AM    comment []

© Copyright 2003 John Bristowe.
 
August 2002
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31
Jul   Sep
.NET Junkies
ASP.NET
CNUG
discuss.develop.com
ESS
GotDotNet
Groove
INETA
Microsoft
Windows Forms.NET
Click here to visit the Radio UserLand website.

Subscribe to "John Bristowe's Weblog" in Radio UserLand.

Click to see the XML version of this web page.

Click here to send an email to the editor of this weblog.