{"id":407,"date":"2007-11-20T12:26:22","date_gmt":"2007-11-20T11:26:22","guid":{"rendered":"http:\/\/www.itwriting.com\/blog\/?p=407"},"modified":"2007-11-20T12:26:22","modified_gmt":"2007-11-20T11:26:22","slug":"how-to-write-secure-and-less-buggy-code","status":"publish","type":"post","link":"https:\/\/www.itwriting.com\/blog\/407-how-to-write-secure-and-less-buggy-code.html","title":{"rendered":"How to write secure (and less buggy) code"},"content":{"rendered":"<p><a href=\"http:\/\/cr.yp.to\/qmail\/qmailsec-20071101.pdf\">Thought-provoking paper [PDF]<\/a> from Daniel J Bernstein, the author of qmail, covering software security and addressing topics such as premature optimization and bug reduction along the way.<\/p>\n<blockquote>\n<p>In March 1997, I took the unusual step of publicly offering $500 to the first person to publish a verifiable security hole in the latest version of qmail: for example, a way for a user to exploit qmail to take over another account. My offer still stands. Nobody has found any security holes in qmail. I hereby increase the offer to $1000.<\/p>\n<\/blockquote>\n<p>He attributes his success to minimizing the amount of trusted code, in contrast to running code with least privilege which he says is ineffective. <\/p>\n<p>(from <a href=\"http:\/\/www.schneier.com\/blog\/archives\/2007\/11\/thoughts_on_the.html\">Schneier on Security<\/a>).<\/p>\n<div class=\"wlWriterSmartContent\" id=\"scid:0767317B-992E-4b12-91E0-4F059A8CECA8:8437f3d7-1af0-4158-9b7a-0108a4e7dc2b\" style=\"padding-right: 0px; display: inline; padding-left: 0px; padding-bottom: 0px; margin: 0px; padding-top: 0px\">Technorati tags: <a href=\"http:\/\/technorati.com\/tags\/security\" rel=\"tag\">security<\/a>, <a href=\"http:\/\/technorati.com\/tags\/software%20development\" rel=\"tag\">software development<\/a>, <a href=\"http:\/\/technorati.com\/tags\/qmail\" rel=\"tag\">qmail<\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Thought-provoking paper [PDF] from Daniel J Bernstein, the author of qmail, covering software security and addressing topics such as premature optimization and bug reduction along the way. In March 1997, I took the unusual step of publicly offering $500 to the first person to publish a verifiable security hole in the latest version of qmail: &hellip; <a href=\"https:\/\/www.itwriting.com\/blog\/407-how-to-write-secure-and-less-buggy-code.html\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">How to write secure (and less buggy) code<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[75,80],"tags":[],"class_list":["post-407","post","type-post","status-publish","format-standard","hentry","category-security","category-software-development"],"_links":{"self":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/407","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/comments?post=407"}],"version-history":[{"count":0,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/407\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/media?parent=407"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/categories?post=407"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/tags?post=407"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}