oss-sec mailing list archives

Re: How to do secure coding and create secure software


From: Jeremy Stanley <fungi () yuggoth org>
Date: Sun, 28 Sep 2025 15:15:20 +0000

On 2025-09-28 09:05:15 +0530 (+0530), Amit wrote:
[...]
But still, the main point is: can someone give an example of how software made up entirely of secure functions can be hacked? I request an example (not theoretical statements).

Or, some example that happened in the past in the real world? I will analyze that.
[...]

As an aside, the term "hack" has a lot of other less nefarious meanings, and using it to describe unwanted or criminal activity casts the entire hacker community in a negative light.

I think you still have tunnel vision, imagining that "hacking" software can only mean attacking flaws in the way it was coded. When I say most of the security flaws I deal with stem from poor design choices rather than insecure coding practices, I really mean it. I'm one of the vulnerability managers for the OpenStack project, and skimming over all the recent entries at the top of https://security.openstack.org/ossalist.html they basically all fit that description.

It's comparatively easy to avoid or catch insecure coding patterns that could lead to vulnerabilities; it's much harder to design complex software securely.
--
Jeremy Stanley
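The following is an added illustration of the point made in the reply above (it is not code from the thread, from Jeremy Stanley, or from OpenStack). Every function in it is individually "secure": salted PBKDF2 for passwords, random reset tokens stored only as hashes, constant-time comparisons. The flaw is purely one of design: the reset path checks that a token is valid but never checks whose token it is, so a token issued for one account can reset another. The hardened variant adds the missing binding check. All names ("alice", "mallory") and data are constructed for this example.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest). A 'secure function'."""
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def check_password(stored: tuple, password: str) -> bool:
    """Constant-time verification against a stored (salt, digest) pair."""
    salt, digest = stored
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def hash_token(token: str) -> str:
    """Reset tokens are stored hashed, so a leaked store yields no usable tokens."""
    return hashlib.sha256(token.encode()).hexdigest()


@dataclass
class Store:
    # username -> (salt, digest)
    users: dict = field(default_factory=dict)
    # token hash -> username the token was issued for
    tokens: dict = field(default_factory=dict)


def issue_reset_token(store: Store, username: str) -> str:
    """Issue a 256-bit random reset token and record which account it belongs to."""
    if username not in store.users:
        raise KeyError("unknown user")
    token = secrets.token_urlsafe(32)
    store.tokens[hash_token(token)] = username
    return token


def reset_password_flawed(store: Store, username: str, token: str, new_password: str) -> None:
    """Design flaw: the token is checked for validity, never for ownership.
    Each call here is sound; the composition is not."""
    token_hash = hash_token(token)
    if token_hash not in store.tokens:
        raise PermissionError("invalid or expired token")
    store.users[username] = hash_password(new_password)
    del store.tokens[token_hash]  # single use


def reset_password_fixed(store: Store, username: str, token: str, new_password: str) -> None:
    """Hardened design: the token must have been issued for exactly this account."""
    token_hash = hash_token(token)
    owner = store.tokens.get(token_hash)
    if owner is None or not hmac.compare_digest(owner.encode(), username.encode()):
        raise PermissionError("token not valid for this account")
    store.users[username] = hash_password(new_password)
    del store.tokens[token_hash]  # single use


def reset_crosses_accounts(reset_fn) -> bool:
    """Constructed scenario for testing a reset design: 'mallory' obtains a reset
    token for her own account and presents it against 'alice'. Returns True if
    alice's password was changed, i.e. the design allows cross-account resets."""
    store = Store()
    store.users["alice"] = hash_password("alice-original")
    store.users["mallory"] = hash_password("mallory-original")
    token = issue_reset_token(store, "mallory")
    try:
        reset_fn(store, "alice", token, "chosen-by-mallory")
    except PermissionError:
        return False
    return check_password(store.users["alice"], "chosen-by-mallory")


if __name__ == "__main__":
    print("flawed design allows cross-account reset:", reset_crosses_accounts(reset_password_flawed))
    print("fixed design allows cross-account reset: ", reset_crosses_accounts(reset_password_fixed))
```

A static checker or secure-coding review of the flawed version finds nothing to flag: no unsafe function, no weak hash, no timing leak. Only a design-level question ("what authorizes this token to act on this account?") exposes the problem, which is the distinction the reply draws between coding flaws and design flaws.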
