secure programming

Rob Wehrli plug-devel@lists.PLUG.phoenix.az.us
Wed Dec 3 18:24:02 2003


On Wed, 3 Dec 2003, der.hans wrote:

> moin, moin,
>
> the shadow thread brought up an important point that often gets
> overlooked:
>
> security
>
> I'm certain we've all had to deal with programs that really didn't do
> security correctly.
>
> Anybody want to do a presentation on secure programming?
>
> Maybe cover things like C lib routines that are buffer overload safe.
> They exist, but they don't always get used.
>
> I can cover some simple shell stuff like tempfile, but I would be out of
> my element in other languages.
>
> This topic would actually make several good presentations, e.g.
> methodology, methodology of parsing user input, network stacks, secure
> Perl, secure Python, etc.
>
> Alan wants to move to monthlies. This could be a good way to go.
>
> ciao,
>
> der.hans
>

I've got the O'Reilly books on (I think) Linux Security and Secure
Programming (C and/or C++, again, I think).  I'm fairly adept at
programming for buffer overruns and such.  I'm probably not qualified to
do a real presentation on the topic, but I could at least help support one
:)

I like the idea of monthlies, especially if we can get a bit more
proactive in scheduling cool talks :)  I don't mind filling in and/or
presenting on a number of topics, but I don't want anyone to get the idea
that I'm trying to monopolize or self-direct the devgrp.  Just wanna try
to be helpful and participate when I can.


Take Care.

Rob!