Secure software is a subset of reliable software. I write reliable software for a living, so I would like to think I know a thing or two about security.
Funny, same here ;3
Also, your assumption there is flawed.
You can't have 100% secure software unless you are telling me it's 100% bug-free.
Bugs can cause security vulnerabilities, simply by their unknown nature.
Maybe you can show me more of your security strong points eks dee
I ID'ed and fixed over 200 vulnerabilities in an enterprise eCommerce app. Then again, the PCI auditors were morons at the time. I looked at their "reports" and it was ~ 100 pages of our login screen. Just *maybe* the spider hit the logout button? Just a wild guess :V
SalesForce was A LOT better and found a lot I already documented. So, yeah... That's when the product owners prioritized it. I was doing the fixes, which for certain things (like FINDING HTML EMBEDDED IN THE SQL DATA) a lot had to be a hack. There was also a bad file inclusion bug that was core to our architecture. A lot of workarounds and I left line-spanning regexps, but there really was no other way and I was the only developer who could do it and make the audit. And we did.
I also ported the app from IIS/ColdFusion to an Apache Tomcat stack so we could develop services in a non-shit language like J2EE in parallel for new development while still running the monolithic POS legacy app. The framework is one of the problems; developers don't generally write with security in mind. I've been doing this stuff for 8 years or more. I'm not a noob :p
I just find it unfortunate I work with so little other science (and math too, an area I'd like to get stronger in). Right now I'm doing platform engineering for a large SOA (well, n-tier to be specific, but I have my dreams) and work with Java, Ruby, C++, Bash, front-end, whatever. Basically back-end glue code, but I go back to the front-end sometimes (not as much as I'd like; JS and HTML/CSS are some of my strong points, but I'm a bit too OCD to be a UIX person). Not to mention the pay cut.
Now, stop fucking posting.
Oh, come on. And I expected more from you ;3
Stop posting and GTFO are so last millennium.
I said you showed me up. Once. I owe you one; maybe sometime it'll happen (though we don't talk much).
Or did I?
Nah, that was far too weak. Just a paradigm I believe; there's no such thing as a 100% secure application (assuming it is of reasonable size).