Al Eridani <[EMAIL PROTECTED]> wrote:
> If the design says "For each fund that the user owns, do X" and my
> code does X for all the funds but it skips the most recently acquired
> fund, I see it as a "manufacturing" error.
>
> On the other hand, if a user sells all of her funds and the design
> does not properly contemplate the situation where no funds are owned
> and therefore the software misbehaves, I see it as a "design" error.

Maybe I'm confused, but...

If the design in your second case is still the same one -- "For each fund that the user owns, do X" -- then this second example, like your first, is NOT a design error but an implementation (or "manufacturing" if you prefer) error. (Both are (probably) due to some or other form of improper bounds checking, and probably due to naïve use of zero-based counters controlling a loop... 8-) )

The design "For each fund that the user owns, do X" clearly (well, to me -- am I odd in this?) says that NOTHING be done if the number of funds is zero, hence the second result is an implementation error.

Regards,

Nick FitzGerald

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php