Loading ...
Sorry, an error occurred while loading the content.

[XP] Re: secure programming

Expand Messages
  • azami@speakeasy.net
    ... you ... test cases ... into your ... Good point. I d suggest making rules like that explicit in a coding standard, and occasionally brainstorming for ways
    Message 1 of 6 , Apr 30, 2001
    • 0 Attachment
      --- In extremeprogramming@y..., "Nick Fortescue" <nick@o...> wrote:
      > rule is "Never write user input controlled strings to printf etc as
      you
      > might get format string vulnerabilities". But it is hard to write
      test cases
      > which prevent two novices pairing together introducing such bugs
      into your
      > code.

      Good point. I'd suggest making rules like that explicit in a coding
      standard, and occasionally brainstorming for ways to test it. (How
      about a string object with a "user input" attribute? Ensure that
      string objects can only be printed through their own methods? I'm not
      actually trying to solve it, but I do think a team that needs it
      should occasionally try.)

      Although not normally required for XP, I'd definitely subject the
      security-critical work of a pair of novices to review.

      In fact, I'd probably subject all security-critical work to review. I
      suppose this is effectively the purpose of opening the source.


      -Matthew
      azami@...
    Your message has been successfully submitted and would be delivered to recipients shortly.