Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20250928214311.BF89F8F5@notatla.org.uk>
Date: Sun, 28 Sep 2025 22:43:11 +0100
From: lists@...atla.org.uk
To: oss-security@...ts.openwall.com
Subject: Re: How to do secure coding and create secure software

> Can someone give an example as to how a software made up of secure
> functions can be hacked?

The security depends not only on the program but on your requirements and the
environment where it is used.
https://bad-example-find-xargs-rm.s3.eu-west-2.amazonaws.com/find_xargs_rm.html

There's the whole subject of side channels where computers are bad at keeping secrets.

On scoring high at the wrong task I recommend:
https://www.cl.cam.ac.uk/archive/rja14/Papers/wcf.pdf

Books:
Schneier: Secrets and Lies
https://www.amazon.com/Secrets-Lies-Digital-Security-Networked/dp/0471453803/

Anderson: Security Engineering
https://www.amazon.com/Security-Engineering-Building-Dependable-Distributed/dp/1119642787/

Viega & McGraw: Building Secure Software
https://www.amazon.com/Building-Secure-Software-Security-Documents-ebook/dp/B003CW67YQ/

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.