Sunday, February 25, 2007

Handling bugs in your code

Eric Allman, the Chief Science Officer of Sendmail, wrote an article for ACM Queue about handling bugs in your code. He notes that "A sad truism is that to write code is to create bugs... The really sad part is that at least some of these are likely to be security bugs."

The article is a well-written, brief overview of methods for dealing with security bugs and their repercussions. He also discusses the important questions you will want to answer when determining your strategy and how to handle the announcement, the patching or fix process, and the aftermath. If you do software development, or if you provide a product or service that could be subject to bugs or vulnerabilities, this is probably worth a read.
