On 9/1/06, Pascal Meunier <[EMAIL PROTECTED]> wrote:
>
>
>
> On 8/30/06 3:46 PM, "Tim Hollebeek" <[EMAIL PROTECTED]> wrote:
>
> >
> > What you've proposed are exceptions. They do help (some) in separating
> > the normal logic from error handling, but:
> >
> > (1) they often leave the job "half don
OWASP Autumn Of Code 2006
London, United Kingdom, August 31, 2006
The Open Web Application Security Project (OWASP) is launching
today a new project aimed at financially sponsoring contributions to OWASP Projects.
The new project, called "OWASP Autumn of Code 2006"
>> ever heard of exceptions? They're basically goto plus limited
>> state. Spaghetti lives!
Not at all. Exceptions are not like gotos; in particular, an exception
cannot be used to jump *into* a construct. The major problems with
gotos are that they can be used to do branches that are downward
On 8/30/06 3:46 PM, "Tim Hollebeek" <[EMAIL PROTECTED]> wrote:
>
> What you've proposed are exceptions. They do help (some) in separating
> the normal logic from error handling, but:
>
> (1) they often leave the job "half done" which has its own risks.
> writing exception safe code can b
Hi all,
I'm going to be giving a free seminar about software security along with
Greg Rose from Qualcomm in Menlo Park on Thursday. More about the
seminar here:
http://www.cigital.com/news/cigital_seminar.pdf
If you are in the area and you would like to attend, please drop me a
quick note.
gem
I would like to suggest an approach to solving Kevin's problem of "How
can we stop the spreading insecure coding examples at training classes,
etc.?"
The CERT/CC has just deployed a new web site dedicated to developing
secure coding standards for the C programming language, C++, and
eventually ot
SYNTAX ERROR ON LINE 0:
> I take exception (haha!) at having them dismissed like this. It sounds like
KEYWORD "(haha!)" ILLEGALLY NEGATED
PLEASE RESUBMIT ARTICLE
gem
I take exception (haha!) at having them dismissed like this. It sounds like
you encountered some badly written exception handling code. Error handling
can also be really bad, where at every call layer the original error gets
filtered or translated to a point where you just know something went wro
>as an industry we did manage to get
>rid of computed gotos, spaghetti code, etc., so maybe there's
>hope.
ever heard of exceptions? They're basically goto plus limited state.
Spaghetti lives!
gem
company www.cigital.com
podcast www.cigital.com/silverbullet
book www.swsec.com
-
Tim Hollebeek writes...
> Really, the root of the problem is the fact that the simple version
> is short and easy to understand, and the secure version is five
> times longer and completely unreadable. While there always is some
> additional complexity inherent in a secure version, it is nowhere
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tim Hollebeek
> Sent: 30 August 2006 18:23
> To: 'Wall, Kevin'; SC-L@securecoding.org
> Subject: Re: [SC-L] How can we stop the spreading insecure
> coding examples at training classes, etc.?
>
>
>
11 matches