
Dangerous coding errors revealed (BBC)

This topic is archived.
eppur_se_muova Donating Member (1000+ posts) Tue Jan-13-09 06:36 PM
Original message
Dangerous coding errors revealed (BBC)
The US National Security Agency has helped put together a list of the world's most dangerous coding mistakes.

The 25 entry list contains errors that can lead to security holes or vulnerable areas that can be targeted by cyber criminals.

Experts say many of these errors are not well understood by programmers.

According to the SANS Institute in Maryland, just two of the errors led to more than 1.5m web site security breaches during 2008.

It is thought that this is the first time the industry has reached agreement on the worst things that can creep into software as it is being written.
***
more: http://news.bbc.co.uk/2/hi/technology/7824939.stm
ColbertWatcher Donating Member (1000+ posts) Tue Jan-13-09 06:56 PM
Response to Original message
1. Interesting.
But, why do I get the feeling that the NSA that is currently in place can't be trusted?

Aren't they the same ones behind the infamous room 641A?


Now they're giving out advice on which coding "errors" should be included in all software?
"Then we need to make sure every programming team has processes in place to find and fix these problems and has the tools needed to verify their code is as free of these errors,"


Maybe I'm paranoid, but I wouldn't trust these guys to be giving advice that wouldn't allow for less security and more spying.

 
Posteritatis Donating Member (1000+ posts) Tue Jan-13-09 08:34 PM
Response to Reply #1
3. Er, it's advice on which errors should be *excluded*
Every one on that list is a Bad Thing securitywise. You read the article completely backwards.
 
ColbertWatcher Donating Member (1000+ posts) Tue Jan-13-09 09:45 PM
Response to Reply #3
5. Maybe I was being paranoid ...
... what I meant was that the code used to "solve" the problem contains a future, as yet undiscovered problem.

 
Posteritatis Donating Member (1000+ posts) Wed Jan-14-09 12:13 AM
Response to Reply #5
6. They aren't suggesting specific code
The stuff being suggested really is the equivalent of "don't tape your key to your front door." Folks can implement that however they want, and will have no choice but to implement it in a variety of different ways anyway.
 
ColbertWatcher Donating Member (1000+ posts) Wed Jan-14-09 04:56 AM
Response to Reply #6
8. Okay, that makes sense. Thank you. n/t
 
lelgt60 Donating Member (417 posts) Tue Jan-13-09 07:49 PM
Response to Original message
2. There's nothing new here...
These are well understood, well known, and legitimate errors. They're also pretty generic. Nothing specific, or secret, etc.

Unfortunately, programming is hard. Even when you are aware of the issues, you can make the mistake. So many details...

Many things can be caught with other validation software, or good reviews, but still...
 
EvolveOrConvolve Donating Member (1000+ posts) Tue Jan-13-09 08:58 PM
Response to Original message
4. The list is a joke
The issues are all generic, bland descriptions of broad errors that can open systems to hackers. It's like having a list of the most dangerous parts of your house in regards to burglary and saying that an "unlocked front door" is the most dangerous situation. As a software engineer, some of these things are very, very basic.

Unfortunately, the fact that a list even has to be published shows how ignorant many systems and software developers are.
 
Posteritatis Donating Member (1000+ posts) Wed Jan-14-09 12:14 AM
Response to Reply #4
7. Basic, but a basic programming error bricked a few zillion Zunes two weeks ago (nt)