<HTML
><HEAD
><TITLE
>Why do Programmers Write Insecure Code?</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Secure Programming for Linux and Unix HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Background"
HREF="background.html"><LINK
REL="PREVIOUS"
TITLE="Security Principles"
HREF="security-principles.html"><LINK
REL="NEXT"
TITLE="Is Open Source Good for Security?"
HREF="open-source-security.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Secure Programming for Linux and Unix HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="security-principles.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 2. Background</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="open-source-security.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="WHY-WRITE-INSECURE"
></A
>2.3. Why do Programmers Write Insecure Code?</H1
><P
>Many programmers don't intend to write insecure code - but do anyway.
Here are a number of purported reasons for this.
Most of these were collected and summarized by Aleph One on Bugtraq
(in a posting on December 17, 1998):
<P
></P
><UL
><LI
><P
>There is no curriculum that addresses computer security in most schools.
Even when there <EM
>is</EM
> a computer security curriculum, it
often doesn't discuss how to write secure programs as a whole.
Many such curricula only study certain areas such as
cryptography or protocols.
These are important, but they often fail to discuss common real-world issues
such as buffer overflows, string formatting, and input checking.
I believe this is one of the most important problems; even those programmers
who go through colleges and universities are very unlikely to learn
how to write secure programs, yet we depend on those very people to
write secure programs.</P
></LI
><LI
><P
>Programming books/classes do not teach secure/safe programming techniques.
Indeed, until recently there were no books on how to write secure programs
at all (this book is one of those few).</P
></LI
><LI
><P
>No one uses formal verification methods.</P
></LI
><LI
><P
>C is an unsafe language, and the standard C library string functions
are unsafe.
This is particularly important because C is so widely used -
the ``simple'' ways of using C permit dangerous exploits.</P
></LI
><LI
><P
>Programmers do not think ``multi-user.''</P
></LI
><LI
><P
>Programmers are human, and humans are lazy.
Thus, programmers will often use the ``easy'' approach instead of a
secure approach - and once it works, they often fail to fix it later.</P
></LI
><LI
><P
>Most programmers are simply not good programmers.</P
></LI
><LI
><P
>Most programmers are not security people; they simply don't often
think like an attacker does.</P
></LI
><LI
><P
>Most security people are not programmers.
This was a statement made by some Bugtraq contributors, but it's not clear
that this claim is really true.</P
></LI
><LI
><P
>Most computer security models are terrible.</P
></LI
><LI
><P
>There is lots of ``broken'' legacy software.
Fixing this software (to remove security faults or to make it work with
more restrictive security policies) is difficult.</P
></LI
><LI
><P
>Consumers don't care about security.
(Personally, I have hope that consumers are beginning to care about security;
a computer system that is constantly exploited is neither useful
nor user-friendly.
Also, many consumers are unaware that there's
even a problem, assume that it can't happen to them, or think
that things cannot be made better.)</P
></LI
><LI
><P
>Security costs extra development time.</P
></LI
><LI
><P
>Security costs in terms of additional testing
(red teams, etc.).</P
></LI
></UL
></P
></DIV
></BODY
></HTML
>