Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
For the out-of-band Slashdot experience (mostly headlines), follow us on Twitter, or Facebook. ×

Comment: Re:Bolting On (Score 1) 145 145

by Chris Lawrence (#31331000) Attached to: Over Half of Software Fails First Security Tests

Sure, bugs can always be introduced, and some of these will open security holes. But as long as the fundamental design conforms to a sensible security model, this isn't a big deal. That type of bug can be found through additional code review. (Note that testing is *not* a method to find security bugs.)

Comment: Bolting On (Score 3, Insightful) 145 145

by Chris Lawrence (#31330788) Attached to: Over Half of Software Fails First Security Tests

As Bruce Schneier has said, trying to bolt on security to an existing product or application can be very difficult and time consuming. Sometimes you even have to redesign things. Designing for security and using secure coding practices from the beginning, however, makes it much, much easier.

Comment: Re:This is news? (Score 1) 416 416

by Chris Lawrence (#31224022) Attached to: Why You Can't Pry IE6 Out of Their Cold, Dead Hands

Yeah, Oracle Apps is in a different category from the Oracle DB. That runs on Linux, Windows, Solaris, HPUX, Mac, etc. No lock-in there. Oracle Apps? Something doesn't do what you want, put in a request, five years later you get it, if you're lucky. But at least it isn't IE only.

Comment: Re:This is news? (Score 1) 416 416

by Chris Lawrence (#31222658) Attached to: Why You Can't Pry IE6 Out of Their Cold, Dead Hands

Sure, of course I remember. That explains why a company might use IE as their standard browser. It doesn't explain why they would choose an app that depends on IE-only extensions. If you use something based on standards, you're future-proof, if you don't, you can get locked in.

Gravity brings me down.

Working...