oss-sec mailing list archives
Re: How to do secure coding and create secure software
From: Mats Wichmann <mats () wichmann us>
Date: Sat, 27 Sep 2025 18:32:04 -0600
On 9/27/25 02:30, Amit wrote:
> -----------------------------------------------------------------------
> How to do secure coding and create secure software
> -----------------------------------------------------------------------
>
> I can do secure coding and no one can hack my code unless the language/OS has some issues. You can challenge me on this. Ultimately, all software boils down to functions/methods. If functions/methods are secure then the whole software is secure.
That's just plain silly. You will get challenged on this... already seen some. I'll just post a hokey analogy: a door lock is secure, as it requires a "thing you have" (the key). The API is fine. If you don't protect the security token (leave the key under a flowerpot), that's not the fault of the lock - defeated by bad security processes and no fault of the "function". If someone kicks in the door it's bad design: a door jamb made out of wood isn't safe from a brute force attack, even if the lock mechanism itself wasn't breached.
The "whole system" matters a lot. Secure functions are necessary but not sufficient.
