October 2007 - Posts

Writing Secure Code 3
It seems like every time I've gone out in public recently, I've been asked when we were going to update Writing Secure Code 2. I've been seeing comments about it along the lines of "Good, but dated." Ouch. It has been a while – we published WSC2 in 2002, Read More...
Posted 17 October 07 07:29 by david_leblanc | 1 Comments   
Checking Password Complexity
Michael put some sample code into WSC2 that showed people how to check passwords using the NetValidatePasswordPolicy API. It's a very flexible API, and it's meant to handle situations where an app maintains its own password database, like SQL Server. Read More...
Posted 11 October 07 07:47 by david_leblanc | 2 Comments   
Safebool
My last post triggered a couple of responses and a URL I thought would be good to not get lost in the comments. Check out http://www.artima.com/cppsource/safebool.html . As I was saying a couple of posts ago, the right tool is usually situational. In Read More...
Posted 03 October 07 11:33 by david_leblanc | 1 Comments   
Filed under
C++ operator overloading trivia
Learned something interesting this week that I'll be working into SafeInt 3. It all started out because if you declare a SafeInt class instance, and then try to use it as an array index, the compiler can't figure out which of the several available integer Read More...
Posted 02 October 07 04:14 by david_leblanc | 3 Comments   
Filed under
On the Other Hand…
In my previous post on threat models, I pointed out situations where TM's are either a complete waste of time, or maybe we've got bigger problems than design issues. To add a little balance and reinforce one of the points I was trying to make, let's look Read More...
Posted 01 October 07 08:17 by david_leblanc | 2 Comments   

Search

This Blog

Syndication

Page view tracker