On Dec 14, 2007 7:35 PM, Tony Abernethy <[EMAIL PROTECTED]> wrote:
> The problem with "coding standards" is that they generally at best
> help slightly with things that do not matter, generally at the expense
> of everything that actually does matter.

There are uses for it.  You want some kind of standard, otherwise, you
have one person doing C, another C++, another C# and so on and so
forth.  Then, as even Microsoft banned some APIs (see:
http://tinyurl.com/2tbzop), it's probably a good idea for my company
to look at that (no, it doesn't help dumb programmers or people who
insist on shooting themselves in the foot, nor higher level security
stuff - like sending usernames and passwords in the clear, across the
internet), but it at least provides a basic level to start.

Having this will also indicate to programmers that we *care* about security.

> Take the extra effort to make things as clear as possible
> Self-consistency matters.

Good points.

> One consistent bad style is better than multiple good styles.

What I hear is - consistency is good.  Good point.

> Eschew obfuscation.
> Originality may be necessary, but it's not really a virtue.
> Actually this list, and the attitudes behind it, are your best bet.

Hence, I ask.

-- 
http://www.glumbert.com/media/shift
http://www.youtube.com/watch?v=tGvHNNOLnCk
"This officer's men seem to follow him merely out of idle curiosity."
-- Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks
factory where smoking on the job is permitted."  -- Gene Spafford
learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related
