[trustable-software] Does Code Reuse Endanger Secure Software Development? [slashdot]
Jim MacArthur
jim.macarthur at codethink.co.uk
Tue Dec 20 10:06:24 UTC 2016
On 19/12/16 15:52, John Ellis wrote:
> All,
>
> I came across this post yesterday. Will be interesting to watch and see
> how folks respond to the open question.
>
> https://it.slashdot.org/story/16/12/17/1751234/does-code-reuse-endanger-secure-software-development
>
> Cheers.
>
> jte
>
The article doesn't say a lot about linking; I can think of a lot of
ways code gets reused, and I've probably missed a few:
* Deploying on an existing OS
* Building with existing build tools
* Dynamically linking against existing libraries
* Static linking against libraries
* Copying source code with some managed tool, say by your IDE or patch
manager (git subrepos, for example)
* Copying and pasting code
So I'm wondering why people need to copy and paste code. Is it easier in
the first place, or easier to deploy? Would flatpak encourage more
people to link dynamically (and hence benefit from future updates to the
library code)?
There are some more things I'd not heard of to check out - Gemnasium,
Brakeman and Code Climate - I'll see if any of them fit into the
trustable picture.
Jim
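The reuse mechanisms listed above differ in whether a fix to the library ever reaches the deployed program, and the "dynamically linked, so it benefits from updates" case only holds when the loader actually resolves the library from the system rather than from a copy shipped alongside the binary. The script below is an added example (not code from the post, the list, or any of the tools it names): it reads a binary's ELF section headers directly and reports the DT_NEEDED sonames plus any DT_RPATH/DT_RUNPATH, then flags the case where a `$ORIGIN` search path means the program is carrying its own copies. It assumes little-endian ELF64, and the sample image it builds for offline use is constructed test data, not a real program.

```python
"""List a binary's dynamic dependencies straight from its ELF section headers.

Added example, not from the mailing-list post. Assumption: little-endian
ELF64 only (the common case on x86-64/aarch64 Linux); other layouts are
rejected rather than misparsed.
"""
import struct
import sys

SHT_STRTAB, SHT_DYNAMIC = 3, 6
DT_NULL, DT_NEEDED, DT_RPATH, DT_RUNPATH = 0, 1, 15, 29
SHDR_FMT = "<IIQQQQIIQQ"   # Elf64_Shdr: name type flags addr offset size link info align entsize


def _cstr(blob, off):
    """NUL-terminated string starting at blob[off]."""
    return blob[off:blob.index(b"\0", off)].decode("ascii", "replace")


def dynamic_info(data):
    """Return (needed_sonames, runpath_entries) for the ELF64 image in `data`.

    A statically linked binary has no SHT_DYNAMIC section and yields ([], []).
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    e_shoff = struct.unpack_from("<Q", data, 0x28)[0]
    e_shentsize, e_shnum = struct.unpack_from("<HH", data, 0x3a)
    sections = [struct.unpack_from(SHDR_FMT, data, e_shoff + i * e_shentsize)
                for i in range(e_shnum)]
    needed, runpath = [], []
    for sh in sections:
        if sh[1] != SHT_DYNAMIC:
            continue
        strtab = sections[sh[6]]                  # sh_link points at .dynstr
        strblob = data[strtab[4]:strtab[4] + strtab[5]]
        dyn = data[sh[4]:sh[4] + sh[5]]
        for pos in range(0, len(dyn), 16):        # Elf64_Dyn is (d_tag, d_val)
            tag, val = struct.unpack_from("<qQ", dyn, pos)
            if tag == DT_NULL:
                break
            if tag == DT_NEEDED:
                needed.append(_cstr(strblob, val))
            elif tag in (DT_RPATH, DT_RUNPATH):
                runpath.extend(_cstr(strblob, val).split(":"))
    return needed, runpath


def bundled_candidates(needed, runpath):
    """Heuristic: with a $ORIGIN search path the loader looks next to the
    binary first, so any of these sonames may be a bundled copy that a
    system package update will not replace. Confirm on the filesystem."""
    if any("$ORIGIN" in p for p in runpath):
        return list(needed)
    return []


def build_sample_elf():
    """Constructed ELF64 image with only .dynstr/.dynamic/.shstrtab (test data)."""
    dynstr = b"\0libc.so.6\0libfoo.so.1\0$ORIGIN/lib\0"      # offsets 1, 11, 23
    shstr = b"\0.dynstr\0.dynamic\0.shstrtab\0"              # offsets 1, 9, 18
    dyn = b"".join(struct.pack("<qQ", t, v) for t, v in
                   [(DT_NEEDED, 1), (DT_NEEDED, 11), (DT_RUNPATH, 23), (DT_NULL, 0)])
    off_dynstr = 64
    off_dyn = (off_dynstr + len(dynstr) + 7) & ~7
    off_shstr = off_dyn + len(dyn)
    off_sh = (off_shstr + len(shstr) + 7) & ~7
    body = (dynstr + b"\0" * (off_dyn - off_dynstr - len(dynstr)) + dyn + shstr
            + b"\0" * (off_sh - off_shstr - len(shstr)))

    def shdr(name, typ, off, size, link, entsize):
        return struct.pack(SHDR_FMT, name, typ, 0, 0, off, size, link, 0, 1, entsize)

    shdrs = (shdr(0, 0, 0, 0, 0, 0)
             + shdr(1, SHT_STRTAB, off_dynstr, len(dynstr), 0, 0)
             + shdr(9, SHT_DYNAMIC, off_dyn, len(dyn), 1, 16)
             + shdr(18, SHT_STRTAB, off_shstr, len(shstr), 0, 0))
    ehdr = (b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8 +
            struct.pack("<HHIQQQIHHHHHH", 3, 0x3E, 1, 0, 0, off_sh, 0,
                        64, 56, 0, 64, 4, 3))
    return ehdr + body + shdrs


if __name__ == "__main__":
    # Usage: python3 elf_needed.py /path/to/binary   (defaults to the sample image)
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf()
    needed, runpath = dynamic_info(image)
    print("NEEDED :", needed)
    print("RUNPATH:", runpath)
    print("possibly bundled:", bundled_candidates(needed, runpath))
```

Run it against the sample image and it reports `libc.so.6` and `libfoo.so.1` with a `$ORIGIN/lib` runpath, i.e. both are candidates for being shipped beside the binary; run it against a real program and an empty result means the program is statically linked (or not dynamic at all), which is the case where no library update reaches it without a rebuild.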