Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment: Re:Bolting On (Score 1) 145

by Chris Lawrence (#31331000) Attached to: Over Half of Software Fails First Security Tests

Sure, bugs can always be introduced, and some of these will open security holes. But as long as the fundamental design conforms to a sensible security model, this isn't a big deal. That type of bug can be found through additional code review. (Note that testing is *not* a method to find security bugs.)

Comment: Bolting On (Score 3, Insightful) 145

by Chris Lawrence (#31330788) Attached to: Over Half of Software Fails First Security Tests

As Bruce Schneier has said, trying to bolt on security to an existing product or application can be very difficult and time consuming. Sometimes you even have to redesign things. Designing for security and using secure coding practices from the beginning, however, makes it much, much easier.

Comment: Re:This is news? (Score 1) 416

by Chris Lawrence (#31224022) Attached to: Why You Can't Pry IE6 Out of Their Cold, Dead Hands

Yeah, Oracle Apps is in a different category from the Oracle DB. That runs on Linux, Windows, Solaris, HPUX, Mac, etc. No lock-in there. Oracle Apps? Something doesn't do what you want, put in a request, five years later you get it, if you're lucky. But at least it isn't IE only.

"They that can give up essential liberty to obtain a little temporary saftey deserve neither liberty not saftey." -- Benjamin Franklin, 1759

Working...