Use your computer fearlessly.




[ Security | Consulting | Research ]





Writing Little Code

by Brent Kirkpatrick

(Date Published: .)



Computer security professionals should write little code.



Professional computer security people write very little code. Writing code increases the attack surface, so the goal is to limit the newly written code as much as possible.

Attack surface has recently become note worthy, as security software has been used to hack sensitive documents. The Kapersky Lab anti-virus platform was used to obtain classified U.S. documents. Similarly, security software was used in Seoul to hack into the military network and steal sensitive files.

Each line of code written increases the attack surface. In particular, we can use the number of conditionals in machine code as a measure of code complexity and attack surface. The more conditionals there are, the more ways there are to attack code.

Computer security professionals should be writing as little code as possible. This is so that software is fixed instead of new security holes introduced. At most, professionals should be writing small patches.


defendIT. AI-driven security measures derived from security incident data.










bbkirk@intrepidnetcomputing.com




© 2015, 2016, 2017, 2018 Intrepid Net Computing. All rights reserved.