From: cseagle at redshift.com (Chris Eagle)
Subject: Coding securely, was Linux (in)security

> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of Paul Schmehl
>...
>
> But it shouldn't be the job of the writer of a subroutine to verify the
> inputs. The writer of a subroutine defines what the appropriate inputs to
> that routine are, and it's up to the *user* of that subroutine to use it
> properly. The entire concept behind OOP is that you cannot know what's in
> the "black box" you're using. That makes it incumbent on you as the *user*
> of a subroutine to use the correct inputs and to *verify* those inputs when
> necessary.
>

That is the most backward thing I have ever heard. So you are saying all I need to do as a programmer is tell you not to pass a negative number/null pointer/un-initialized value... to my function and I am off the hook. All I can say is that I am glad utdallas doesn't have you teaching programming.

The fact that you are unaware what lies inside the black box in no way relieves the responsibility of the designer of the black box to make sure that it behaves predictably under all input cases.

Chris