"a skilled backdoor-writer can defeat skilled auditors"?

Stephan Neuhaus stephan.neuhaus at tik.ee.ethz.ch
Thu Jun 5 00:16:19 PDT 2014


On 2014-06-04, 09:46, coderman wrote:
> there is a significant difference between engineering for safety,
> conservatively, and sloppy, error-prone techniques indicating haste
> and carelessness.
> 
> pointer arithmetic in C may be unavoidable, yet using it
> consistently with thoughtfulness and robustness is always a great
> idea.

Absolutely. My gripe was with the "automatic fail" of the OP.  It's
perfectly fine to say "this code doesn't look as if it was engineered
for safety and you should consider rewriting it", and you can say "I
can't audit this code, it's too complex for me", but you can't, IMHO,
say "I fail this code's audit because it has a number of code smells"
unless absence of code smells was a design requirement or there is
evidence that these code smells are associated with security problems.

Fun,

Stephan
-- 