oss-sec mailing list archives

Re: How to do secure coding and create secure software

From: lists () notatla org uk
Date: Sun, 28 Sep 2025 22:43:11 +0100

Can someone give an example as to how a software made up of secure
functions can be hacked?


The security depends not only on the program but on your requirements and the
environment where it is used.
https://bad-example-find-xargs-rm.s3.eu-west-2.amazonaws.com/find_xargs_rm.html

There's the whole subject of side channels where computers are bad at keeping secrets.

On scoring high at the wrong task I recommend:
https://www.cl.cam.ac.uk/archive/rja14/Papers/wcf.pdf

Books:
Schneier: Secrets and Lies
https://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803/

Anderson: Security Engineering
https://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/1119642787/

Viega & McGraw: Building Secure Software
https://www.amazon.com/Building-Secure-Software-Security-Documents-ebook/dp/B003CW67YQ/

Current thread:

Re: How to do secure coding and create secure software, (continued)
- - - Re: How to do secure coding and create secure software Jeremy Stanley (Sep 28)
    - Re: How to do secure coding and create secure software Katie (Sep 28)
    - Re: How to do secure coding and create secure software Eli Schwartz (Sep 28)
    - Re: How to do secure coding and create secure software Jeffrey Walton (Sep 28)
    - Re: How to do secure coding and create secure software Amit (Sep 29)
    - Re: How to do secure coding and create secure software Jeremy Stanley (Sep 29)
    - Re: How to do secure coding and create secure software David A. Wheeler (Sep 29)
    - Re: How to do secure coding and create secure software Amit (Sep 29)
    - Re: How to do secure coding and create secure software Dan Cross (Sep 29)
    - Re: How to do secure coding and create secure software Dan Cross (Sep 29)
    - Re: How to do secure coding and create secure software lists (Sep 28)
    - Re: How to do secure coding and create secure software Solar Designer (Sep 29)
    - Re: How to do secure coding and create secure software Jacob Bachmeyer (Sep 29)
    - Re: How to do secure coding and create secure software Solar Designer (Sep 29)
    - Re: Shellshock (was: How to do secure coding and create secure software) David A. Wheeler (Sep 30)
    - Re: How to do secure coding and create secure software Amit (Sep 30)
    - Re: How to do secure coding and create secure software Solar Designer (Sep 30)
- Re: How to do secure coding and create secure software Michael Jumper (Sep 27)
- Re: How to do secure coding and create secure software Mats Wichmann (Sep 27)
- Re: How to do secure coding and create secure software Lucas Holt (Sep 28)