It was this comment to the posting that caught my attention:
Some of us idiots used to think that any devs who weren’t aware of buffer overflow before the Morris worm would be aware of it after the Morris worm. But in fact, your posting almost points out why many devs remain blissfully unaware:
“we developers were trained to focus on and typically only ever focused on how legitimate users will use the product”
Close. Developers who want to have good jobs have to get trained to focus on how their managers pretend the product will be used. Anyone who thinks as far out as actual end users will get canned for not being a team member. Anyone who thinks even further out about actual end misusers will be sued for being a hacker. But yeah, you explained it.
Long-time readers will know that the Morris worm is my poster boy for complaining that modern schools don’t teach defensive programming.
It seems I’m not alone.