LinuxQuestions.org
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!
Old 09-30-2017, 10:23 AM   #1
rachelrose
LQ Newbie
 
Registered: Sep 2017
Posts: 6

Rep: Reputation: Disabled
Security and Software Development


I found this article that seems interesting. It talks about software security related to Java, and how developers are copying code from SO, which is out of date or incorrect, and using it in their projects.

I personally favor books over SO/internet, but even books eventually become out of date, and surprisingly some are still available today.

How do developers learn software security? Is it a course in Computer Science? From general research, it seems that security changes from time to time, and developers disagree on what is considered proper practice. Do you learn it from job experience, learning as you go along?

Last edited by rachelrose; 09-30-2017 at 08:23 PM.
 
Old 09-30-2017, 12:02 PM   #2
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,663
Blog Entries: 2

Rep: Reputation: 1123
It's up in the air...

Can't have security and freedom; stay safe, it's a personal practice!
 
Old 10-01-2017, 05:43 PM   #3
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: Slackware
Posts: 7,710

Rep: Reputation: 2991
OWASP

BTW... don't read a word of The Register (or Phoronix). Skim it until you get to its source, read that instead, and ignore a) anything The Register wrote about it, and b) anything in The Register's comments section. In the case of that article, the source is here:

https://arxiv.org/pdf/1709.09970.pdf

Last edited by dugan; 10-01-2017 at 05:54 PM.
 
Old 10-04-2017, 05:59 PM   #4
sevendogsbsd
Member
 
Registered: Sep 2017
Location: Texas
Distribution: Void
Posts: 100

Rep: Reputation: Disabled
Quote:
Originally Posted by jamison20000e View Post
It's up in the air...

Can't have security and freedom; stay safe, it's a personal practice!
You can absolutely have security and freedom - open source is all about that. But...coders need to pay attention to what they do and understand how to code securely.
 
Old 10-04-2017, 06:23 PM   #5
rachelrose
LQ Newbie
 
Registered: Sep 2017
Posts: 6

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by sevendogsbsd View Post
You can absolutely have security and freedom - open source is all about that. But...coders need to pay attention to what they do and understand how to code securely.
This is why I advocate for the use of open source software. If it's not open source, then I have no intention of using it. One of the reasons why I never used CCleaner was because the code isn't open source; we don't know exactly what it's doing. I wasn't surprised to hear that CCleaner had malicious code embedded.

I would imagine in university that they teach you the foundations of security, and it's up to you as the developer to continue learning when you enter the industry.
 
Old 10-04-2017, 11:24 PM   #6
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,663
Blog Entries: 2

Rep: Reputation: 1123
Transparency brings better securities but in today's de-evolving world as we know nothing's secure!
 
Old 10-05-2017, 08:12 AM   #7
sevendogsbsd
Member
 
Registered: Sep 2017
Location: Texas
Distribution: Void
Posts: 100

Rep: Reputation: Disabled
Quote:
Originally Posted by jamison20000e View Post
Transparency brings better securities but in today's de-evolving world as we know nothing's secure!
Indeed!
 
Old 10-05-2017, 08:38 AM   #8
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,663
Blog Entries: 2

Rep: Reputation: 1123
Same as real world, some want the freedom to have nukes, guns, knives, sticks and stones but education is not "cut and dry‽?!."
 
Old 10-06-2017, 09:46 AM   #9
PELinux64
LQ Newbie
 
Registered: Aug 2017
Distribution: Ubuntu
Posts: 9

Rep: Reputation: Disabled
The only truly secure computer is one you encase in concrete and deep six to the bottom of the ocean. Anything less than that and you're not 100% secure.

Security is a trade-off with freedom. I'd rather the balance tip in the direction of freedom than fascism. The people making up crazy al-Qaeda conspiracy theories have tipped it the wrong way.

There are no sleeper cells conspiring in caves to blow up skyscrapers in NYC. Turn off the fake news on TV and get your scientific facts straight:

http://www.ae911truth.org/
 
Old 10-06-2017, 11:07 AM   #10
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 8,706
Blog Entries: 4

Rep: Reputation: 3030
Quote:
Originally Posted by PELinux64 View Post
There are no sleeper cells conspiring in caves to blow up skyscrapers in NYC. Turn off the fake news on TV and get your scientific facts straight:
http://www.ae911truth.org/
Someone dropped three skyscrapers neatly into their own footprint, and I daresay that the US Government knows exactly who it must have been – but will never, ever tell. (And I think that there are extremely compelling reasons for that.)

It just can't be a very long list. There just aren't that many companies on Earth who would have had the expertise, the access to very-exotic materials, and the capability to infiltrate three facilities for the necessary amount of time without being noticed ... especially given that the third building which was brought down contained the supposedly-secret supposedly-secure "anti-terrorism response center" for the City of New York! Any company that could admit to having done this amazing technical feat would drive every other "demo" company in the world right out of business. (Search "demolition fail" on YouTube to see how error-prone (and how deadly) it can be to bring down something as simple as a silo or a very small chimney.) They did it three times in a row, each time basically perfectly.

Now, please do us all a favor and skip the "official cover stories," and the official explanations why a lone wing-nut in a book warehouse the cover-stories must be true. We've heard it all before.

Last edited by sundialsvcs; 10-06-2017 at 11:19 AM.
 
Old 10-10-2017, 08:17 AM   #11
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Void
Posts: 130

Rep: Reputation: 38
Quote:
Originally Posted by sevendogsbsd View Post
You can absolutely have security and freedom - open source is all about that.
Oh, right. That's why open source is regularly in the news with embarrassing security issues.
 
Old 10-10-2017, 08:29 AM   #12
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,663
Blog Entries: 2

Rep: Reputation: 1123

Quote:
Originally Posted by YesItsMe View Post
Quote:
Originally Posted by sevendogsbsd View Post
You can absolutely have security and freedom - open source is all about that.
Oh, right. That's why open source is regularly in the news with embarrassing security issues.
Not like proprietary, where the embarrassment is paid for twice, not to say FOSS developers make le$$*... https://www.linuxquestions.org/quest...ml#post5767792 and bread &c.
 
Old 10-10-2017, 08:33 AM   #13
YesItsMe
Member
 
Registered: Oct 2014
Distribution: Void
Posts: 130

Rep: Reputation: 38
On proprietary systems, there are people who are paid to hunt and fix security issues. When there's one in (e.g.) systemd, nobody really cares because nobody's paycheck depends on his code quality.
 
Old 10-10-2017, 08:33 AM   #14
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,663
Blog Entries: 2

Rep: Reputation: 1123
Whoops the bread crumb was here: https://www.linuxquestions.org/quest...ml#post5768330
 
Old 10-10-2017, 08:39 AM   #15
jamison20000e
Senior Member
 
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth( I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that works well on my cheapest; has been KDE or CLI but open... http://goo.gl/NqgqJx &c ;-)
Posts: 3,663
Blog Entries: 2

Rep: Reputation: 1123
Those people you speak of use Linux to do so. PS: look up how much of the internet uses Linux...
 