Underestimation of Software Security

It’s like a virus, it’s everywhere. Whoever I talk with doesn’t give a shit about software security. I’m not talking about some cryptic concepts or whatever, just the basics, like the pitfalls of strncpy(), to name one.
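As an added illustration of the strncpy() pitfall named above (not code from the original post): strncpy() silently writes no terminator when the source fills the destination, so the buffer is no longer a C string, while a bounded copy that always terminates and reports truncation lets the caller reject over-long input. The 8-byte buffer and the sample strings are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define BUF 8   /* deliberately small destination buffer (constructed) */

/* Pitfall: strncpy() writes no terminator when strlen(src) >= BUF, so the
 * destination is not a C string afterwards and a later strlen()/printf()
 * reads past it. Returns 1 if the copy ended up NUL-terminated, else 0. */
int strncpy_terminates(const char *src) {
    char dst[BUF];
    memset(dst, 'X', sizeof dst);        /* pre-fill so a missing NUL is visible */
    strncpy(dst, src, sizeof dst);
    return memchr(dst, '\0', sizeof dst) != NULL;
}

/* Defensive replacement: always NUL-terminates and returns strlen(src), so the
 * caller can detect truncation (return value >= dstsize) and reject the input
 * instead of silently continuing with a chopped string. */
size_t bounded_copy(char *dst, size_t dstsize, const char *src) {
    size_t srclen = strlen(src);
    if (dstsize == 0)
        return srclen;
    size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return srclen;
}

/* Returns 1 if copying src into a BUF-byte buffer had to truncate it. */
int bounded_copy_truncated(const char *src) {
    char dst[BUF];
    return bounded_copy(dst, sizeof dst, src) >= sizeof dst;
}

/* Returns 1 if the terminated result of the bounded copy equals `expect`. */
int bounded_copy_yields(const char *src, const char *expect) {
    char dst[BUF];
    bounded_copy(dst, sizeof dst, src);
    return strcmp(dst, expect) == 0;
}

int main(void) {
    const char *inputs[] = { "short", "1234567", "12345678" }; /* constructed */
    for (size_t i = 0; i < 3; i++) {
        char dst[BUF];
        size_t need = bounded_copy(dst, sizeof dst, inputs[i]);
        printf("%-10s strncpy terminated: %d  bounded_copy: \"%s\"%s\n",
               inputs[i], strncpy_terminates(inputs[i]), dst,
               need >= sizeof dst ? " (truncated, reject)" : "");
    }
    return 0;
}
```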

Moreover, every single lecture I have attended until now has never once mentioned anything about this very expensive and important field of Computer Science. Just one exception (worth mentioning): Lorenzo Dematté (kudos to him and his lectures, really appreciated), who during his Computer Architecture course explained why buffer overflows are very cheap and devastating.

Hey, teachers!? Care to tell your students anything about software security and why developers should freaking care? (I’m pointing the finger at the latest bunch of security exploits discovered in the Linux kernel, driving distro maintainers *cough* nuts.)

Just my today’s rant!


About lxnay

the creator of Sabayon Linux, Entropy Package Manager {Eit, Equo, Rigo}, Molecule release media buildsystem, Matter Portage buildbot/tinderbox and only God knows what else...

3 responses to “Underestimation of Software Security”

  1. James Le Cuirot

    You’re right, despite my own course being very good, I don’t remember anything being said about that stuff. I dare say some of my fellow students have probably gone on to write some horrendous code.

  2. Elvis

    Man I feel your pain and agree with you 10milj. %

    If it is not for poor coding or sloppy coding, then stuff like this affects both the Linux world and later, eventually, Windows / OSX as well, and causes a cascading snowball effect of trying to patch software instead of fixing the root problem, the basics, like we used to old-school source Gentoo it.

    Then build on what works or is known to be good.

    It just sucks that you end up doing GCC’s job for them as well as everyone else’s job to fix their code.

    Just look at Firefox 3.6.* on Windows versus Firefox source compiled on Gentoo. They did not bother to do a full gcc 4.5.* rebuild of their compile box, so the optimization issues continue into Firefox 4.*

    You can test that using “amazon shelf” or Google O3D http://code.google.com/apis/o3d/ (try the beach demo).

    All this will eat away at the kernel eventually and crash the whole Linux world unless fixed.

    It is all about the version number and measuring who has the biggest private part instead of pride in QOS / product quality. Italians and Germans take pride in doing quality perfect products, no one else gives a damn anymore.

  3. Darksurf

    It’s nice to see someone is keeping up with it 🙂 Hopefully some people like you will come along and influence Linus to start griping and getting people to fix it.
