Crispin, I think you may have overspoken below:

> Seeking perfect correctness as an approach to security is a fool's
> errand. Security is designing systems that can tolerate imperfect software.

I could go along with "achieving perfect correctness as an approach to security is a fool's belief", but I believe the desire to achieve correctness is a prerequisite for security. More specifically, I have found that systematic schemes for providing software security (such as memory protection, canaries, etc.) are generally ineffective once a coding error (such as a buffer overflow) allows an attacker to penetrate the peripheral defense of code correctness. Given the current state of software security, I don't think any security "best" practice can be abandoned, and that defense-in-depth is a practical necessity.

Also, back on the book topic, I recently heard of an older but successful book that did nothing but take examples from other books and show in detail how they were incorrect. Perhaps such a "supplemental" text could be developed for commonly used textbooks.

rCs

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php