Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 07, 2016, 04:37:36 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: News Article: Microsoft To Teach About Secure Code  (Read 2331 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
News Article: Microsoft To Teach About Secure Code
« on: September 17, 2008, 03:49:15 AM »
Stunningly, Microsoft apparently considers itself in a position to teach others how to code securely.

Screenshot - 17_09_2008 , 6_48_55 PM_thumb.png


Quote
After spending four years as an internal process for designing secure programs from the ground up, Microsoft's Secure Development Lifecycle could soon go mainstream.

The company on Tuesday unveiled plans to help other organizations adopt comprehensive secure coding practices through three initiatives that will go live sometime in November. The company is billing them as a way to bring SDL practices to the development masses.

Full Story

Ehtyar.

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: News Article: Microsoft To Teach About Secure Code
« Reply #1 on: September 17, 2008, 05:55:45 PM »
There's actually a whole bunch of people at Microsoft who aren't shabby at writing secure code, doing research, et cetera. The problem is that it's a huge frigging company, and not all areas of the OS gets scrutinized well enough - not to mention that there's old codebases that could use a fair amount of review.

But that's what we get for sticking with C and character arrays, instead of moving to at least C++ and std::string :)
- carpe noctem

Stoic Joker

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 6,296
    • View Profile
    • www.StoicJoker.com
    • Donate to Member
Re: News Article: Microsoft To Teach About Secure Code
« Reply #2 on: September 17, 2008, 06:58:38 PM »
But that's what we get for sticking with C and character arrays, instead of moving to at least C++ and std::string :)
Hay, was that aimed at me...?


;)

f0dder

  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 9,029
  • [Well, THAT escalated quickly!]
    • View Profile
    • f0dder's place
    • Read more about this member.
    • Donate to Member
Re: News Article: Microsoft To Teach About Secure Code
« Reply #3 on: September 17, 2008, 07:09:12 PM »
But that's what we get for sticking with C and character arrays, instead of moving to at least C++ and std::string :)
Hay, was that aimed at me...?
;)
Nah :)

I do wonder why a lot of people (especially in the opensource community *rolleyes*) are clinging on to C code with cryptic short identifiers, use of zero-terminated strings and str* functions, and more or less spaghetti code. There really isn't much excuse for this (the C part can be justified if you need to be ├╝ber-portable, but at least apply OOP principles and don't user str* functions, always pass buffer lengths, etc.)
- carpe noctem