Programmers are copying security flaws into your software, researchers warn
-
Another reason copy/paste is ushering in the slow decline of humanity.
-
It is true that using code made by others means you are inheriting their flaws. But if the developers did everything from scratch, would they have a better result, or even more flaws (of all kinds, including security vulnerabilities)? One of the reasons to use code made by others is that "such code was created by experts on those areas and was largely tested" and it would be extremely difficult to do a better job. I am not saying it is impossible, but it is far from being a reality for most programmers and companies.
-
Shift+Ins, Ctrl+Ins, Shift+Del. It's still painful using a keyboard where I can't use those shortcuts.
-
IMHO, this is possible only if they build a system that entirely depends on other people's work and cannot test it, or can test it only in a limited way.
-
When taking over a project with new technology, most companies won't give us time to learn it; we have to research with Google in the initial stage while studying it in our own free time, and then go back to fix any inadequacies. The problem is that some developers (even the senior ones) always rely on copy and paste without understanding, or making the effort to study in depth, the technologies they are using.
-
Paulo Zemek wrote:
One of the reasons to use code made by others is that "such code was created by experts on those areas and was largely tested" and it would be extremely difficult to do a better job.
Like this[^]? Or this[^]? Or this[^]? Seriously, for the love of bacon, don't follow any of those tutorials! Many "experts" don't have the first idea how to write secure code. They churn out tutorials explaining how to do things in the least secure way possible, and thousands of novice developers copy the code verbatim, without taking the time to understand the code or check for vulnerabilities. And when people who do know better try to point out the flaws in the tutorial's code, we're generally ignored. :sigh:
"These people looked deep within my soul and assigned me a number based on the order in which I joined." - Homer
-
Actually, I wasn't even talking about copying code... but about using libraries. I personally love to "reinvent" the wheel, be it because of performance concerns, security concerns, or simply to learn how those things work internally. Yet many developers really prefer to get already-made code and, if they can't find it, they will do an even less secure implementation. No, I am not saying that "copying from others" will be good. I am saying that allowing developers who are simply not of that domain to do it will be even worse. Also note that I quoted "such code was created by experts on those areas and was largely tested" for a reason. That's the belief behind using code made by others. I don't agree with the statement as is.
-
Sorry, it's been a while. Actually never, as I started on a CUA interface.
TTFN - Kent