<HTML ><HEAD ><TITLE >Why do Programmers Write Insecure Code?</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Secure Programming for Linux and Unix HOWTO" HREF="index.html"><LINK REL="UP" TITLE="Background" HREF="background.html"><LINK REL="PREVIOUS" TITLE="Security Principles" HREF="security-principles.html"><LINK REL="NEXT" TITLE="Is Open Source Good for Security?" HREF="open-source-security.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Secure Programming for Linux and Unix HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="security-principles.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 2. Background</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="open-source-security.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="WHY-WRITE-INSECURE" ></A >2.3. Why do Programmers Write Insecure Code?</H1 ><P >Many programmers don't intend to write insecure code - but do anyway. Here are a number of purported reasons for this. Most of these were collected and summarized by Aleph One on Bugtraq (in a posting on December 17, 1998): <P ></P ><UL ><LI ><P >There is no curriculum that addresses computer security in most schools. Even when there <EM >is</EM > a computer security curriculum, it often doesn't discuss how to write secure programs as a whole. Many such curricula study only certain areas such as cryptography or protocols. These are important, but they often fail to discuss common real-world issues such as buffer overflows, string formatting, and input checking. 
I believe this is one of the most important problems; even those programmers who go through colleges and universities are very unlikely to learn how to write secure programs, yet we depend on those very people to write secure programs.</P ></LI ><LI ><P >Programming books/classes do not teach secure/safe programming techniques. Indeed, until recently there were no books on how to write secure programs at all (this book is one of those few).</P ></LI ><LI ><P >No one uses formal verification methods.</P ></LI ><LI ><P >C is an unsafe language, and the standard C library string functions are unsafe. This is particularly important because C is so widely used - the ``simple'' ways of using C permit dangerous exploits.</P ></LI ><LI ><P >Programmers do not think ``multi-user.''</P ></LI ><LI ><P >Programmers are human, and humans are lazy. Thus, programmers will often use the ``easy'' approach instead of a secure approach - and once it works, they often fail to fix it later.</P ></LI ><LI ><P >Most programmers are simply not good programmers.</P ></LI ><LI ><P >Most programmers are not security people; they simply don't often think like an attacker does.</P ></LI ><LI ><P >Most security people are not programmers. This was a statement made by some Bugtraq contributors, but it's not clear that this claim is really true.</P ></LI ><LI ><P >Most computer security models are terrible.</P ></LI ><LI ><P >There is lots of ``broken'' legacy software. Fixing this software (to remove security faults or to make it work with more restrictive security policies) is difficult.</P ></LI ><LI ><P >Consumers don't care about security. (Personally, I have hope that consumers are beginning to care about security; a computer system that is constantly exploited is neither useful nor user-friendly. 
Also, many consumers are unaware that there's even a problem, assume that it can't happen to them, or think that things cannot be made better.)</P ></LI ><LI ><P >Security costs extra development time.</P ></LI ><LI ><P >Security costs in terms of additional testing (red teams, etc.).</P ></LI ></UL ></P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="security-principles.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" ><A HREF="open-source-security.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Security Principles</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="background.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Is Open Source Good for Security?</TD ></TR ></TABLE ></DIV ></BODY ></HTML >