[SC-L] Source or Binary

[Brad Andrews]

This is something where I have to watch my own mind.  Figuring out a  
binary in C++ is very difficult.  The Java is not really a binary, at  
least not in the "runs by itself" meaning.  (Everything is (a) binary  
in reality, including the file holding this email.)

Realizing that java "binaries" hold a lot more is a mental shift that  
probably must be actively kept in mind.  Those with only Java  
experience may think it is obvious, but how many developers did not  
start with Java and have not purged this concept from their mind.

This is a topic worth consideration when we are educating developers  
on secure development.  At least it seems to to me!

-- 

Brad Andrews
RBA Communications
CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI