[SC-L] Insecure Java Code Snippets
Brad Andrews
andrews at rbacomm.com
Thu May 7 13:47:47 EDT 2009
Quoting ljknews <ljknews at mac.com>:
> At 5:49 PM -0500 5/6/09, Brad Andrews wrote:
>
>> Try a few of the PC-Lint bugs, if you ever wrote C/C++ code.
>> They can be really hard to figure out,
>
> And yet people keep choosing those programming languages.

They offer quite a bit of power in exchange for the danger. A steak
knife can be dangerous, but I would greatly prefer it over a butter
knife if I am eating a steak. :)

I also believe some Java security flaws can be just as difficult to
figure out. Some aren't, but why would secure code review be such a
challenge if it was so easy?

Brad