oss-sec mailing list archives

Re: How to do secure coding and create secure software


From: Amit <amitchoudhary0523 () gmail com>
Date: Sun, 28 Sep 2025 09:05:15 +0530

On Sun, 28 Sept 2025 at 03:11, Solar Designer <solar () openwall com> wrote:


> You claim that "If functions/methods are secure then the whole software
> is secure."  If we talk C where main() is also a function, and limit the
> definition of "whole software" to one program, then I'd agree - your
> claim can as well directly say "if [all functions including] main() are
> secure then the whole software [meaning this one program only] is
> secure."  While true, under those definitions this isn't a useful claim.
>
> However, if in "functions/methods are secure" you refer only to smaller
> building blocks, then no, the program built from them may still be
> insecure.  Also "the whole software" isn't necessarily just one program.


Everyone has said more or less the same thing: that even if all the
functions in a software are secure, this doesn't mean that the software
will be secure.

But the point is that this is what people have said and this is all
theoretical.

Can someone give an example as to how a software made up of secure
functions can be hacked?

Let's assume that there are 2 (or more) different software and all the
functions in all the software are secure and these software are interacting
with each other. Then how can they be hacked? Can someone give an example?

I don't agree with theoretical assumptions.

Someone also mentioned that secure functions having limits on arguments can
result in DoS. In my opinion, DoS is better than getting hacked.

But still, the main point is: can someone give an example of how a
software made up of all secure functions can be hacked? I request an
example (not theoretical statements).

Or, some example that happened in the past in the real world? I will
analyze that.

Amit
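
An added illustration of the point in the quoted reply above (example code written for this page, not part of this message or of any post in the thread): two building blocks that each validate their own inputs, composed once without and once with the system-level rule about who may spend from an account. All names and the account data are constructed for the example.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: two accounts, each with an owner and a balance. */
struct account { const char *owner; long balance; };
static struct account accounts[] = { {"alice", 100}, {"bob", 50} };
#define N_ACCOUNTS (sizeof accounts / sizeof accounts[0])

/* Building block 1: bounds-checked lookup; returns NULL for an unknown id. */
static struct account *get_account(size_t id) {
    return id < N_ACCOUNTS ? &accounts[id] : NULL;
}

/* Building block 2: validated move; rejects NULL, bad amounts, overdraft, overflow. */
static int move_funds(struct account *from, struct account *to, long amount) {
    if (!from || !to || from == to) return -1;
    if (amount <= 0 || amount > from->balance) return -1;
    if (to->balance > LONG_MAX - amount) return -1;
    from->balance -= amount;
    to->balance += amount;
    return 0;
}

long balance_of(size_t id) {
    struct account *a = get_account(id);
    return a ? a->balance : -1;
}

/* Composition A: every call is safe, but nothing checks that `user` owns the source. */
int transfer_unchecked(const char *user, size_t from_id, size_t to_id, long amount) {
    (void)user;  /* identity is known here and simply never consulted */
    return move_funds(get_account(from_id), get_account(to_id), amount);
}

/* Composition B: same blocks plus the system-level rule about who may spend. */
int transfer_checked(const char *user, size_t from_id, size_t to_id, long amount) {
    struct account *from = get_account(from_id);
    if (!user || !from || strcmp(user, from->owner) != 0) return -1;
    return move_funds(from, get_account(to_id), amount);
}

int main(void) {
    /* "bob" requests a transfer out of alice's account (id 0) into his own (id 1). */
    int rc = transfer_unchecked("bob", 0, 1, 40);
    printf("unchecked rc=%d alice=%ld bob=%ld\n", rc, balance_of(0), balance_of(1));
    rc = transfer_checked("bob", 0, 1, 40);
    printf("checked   rc=%d alice=%ld bob=%ld\n", rc, balance_of(0), balance_of(1));
    return 0;
}
```

The two building blocks are identical in both compositions; the only difference is the ownership check in the function that combines them.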
