system: Add Secure Coding Guidelines #10431
base: master
Conversation
bjorng left a comment
Excellent language and sound advice. My only comments are nitpicks.
occur once the numbers reach several megabits in size, and will in any event
throw an exception instead of wrapping around or otherwise behaving in an
unsafe manner ([`CWE-190`]).
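Review bot: "will in any event throw an exception" is stated as an absolute, but the excerpt does not say which exception is raised or for which operations it holds; naming the error term and giving the limit more precisely than "several megabits" would let a reader who maps this rule to CWE-190 know what to catch or test for.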
Should we add some kind of disclaimer that the statements about memory safety, leaks, and so forth assume that the VM implementation is correct?
And if so, add that it is very unlikely that there exists an undiscovered bug that can be exploited for things like remote code execution, since most parts of the VM are exercised thoroughly by all code that is run during normal operation.
No, I don't think that's necessary. Other languages (e.g. Rust) make strong claims about how safe they are without disclaiming that a compiler or runtime bug of theirs ruins everything, and I don't want a less technical decision-maker to get the impression that we're less safe than those languages just because we're more honest.
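As an added illustration of the integer-overflow statement quoted in the review above (example code written for this editing pass, not part of the PR, the guideline text, or OTP): Erlang arithmetic promotes to bignums instead of wrapping, so the product of two 64-bit-sized values is exact. The example also goes one step beyond the excerpt and shows where fixed-width truncation can still reappear, namely when an integer is packed into a sized bit-syntax field, which keeps only the least significant bits. The `to_u32/1` range check is an assumed helper, not something the page describes.

```erlang
%% Added example (not from the PR or the guideline): bignum arithmetic
%% does not wrap, but packing into a fixed-width field silently truncates.
-module(int_overflow_demo).
-export([run/0, mul_no_wrap/2, to_u32/1]).

%% Multiplying two values that each fill 64 bits gives a 128-bit result;
%% nothing is lost and nothing wraps around.
mul_no_wrap(A, B) ->
    A * B.

%% Assumed helper: convert to an unsigned 32-bit big-endian field, but
%% refuse out-of-range input instead of letting the bit syntax keep only
%% the low 32 bits.
to_u32(N) when is_integer(N), N >= 0, N < 16#100000000 ->
    <<N:32/unsigned-big>>;
to_u32(N) ->
    erlang:error({out_of_range, N}).

run() ->
    Max64 = 16#FFFFFFFFFFFFFFFF,
    %% (2^64 - 1)^2 = 2^128 - 2^65 + 1, computed exactly.
    16#FFFFFFFFFFFFFFFE0000000000000001 = mul_no_wrap(Max64, Max64),
    %% Unchecked packing: 16#1FFFFFFFF does not fit in 32 bits and the
    %% bit syntax keeps the least significant 32 bits without complaint.
    <<255, 255, 255, 255>> = <<16#1FFFFFFFF:32>>,
    %% Guarded conversion raises instead of truncating.
    {'EXIT', {{out_of_range, _}, _}} = (catch to_u32(16#1FFFFFFFF)),
    ok.
```

Run `int_overflow_demo:run().` in an Erlang shell after compiling; it returns `ok` only if every match succeeds. The point for a guideline reader is that the "no wraparound" property covers arithmetic on terms, while any boundary where a term is serialised into a fixed number of bits (bit syntax, NIFs, port protocols) still needs an explicit range check.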
Co-authored-by: "Rickard Green <[email protected]>"
Our benefactors want a secure coding standard/guideline for Erlang, and in contrast to EEF's Secure Coding Recommendations they want it to be more along the lines of the SEI CERT Coding Standards. We need to have numbered and concrete rules, mappings to CWEs and OWASP risks and back, and must address the top N CWEs and OWASP risks. This is an early draft to get a discussion started on how it should look, which recommendations/rules should be included, and so on. It is quite incomplete at the moment, and any and all feedback is most welcome.