Continued attacks on HTTP/2
Posted Apr 15, 2024 13:30 UTC (Mon) by farnz (subscriber, #17727) In reply to: Continued attacks on HTTP/2 by wtarreau
Parent article: Continued attacks on HTTP/2
The person I worked with who was worst for writing code with security bugs was taught in exactly the way you describe; his attitude after graduating was that this was "just theory", and therefore he didn't have to care about secure handling of predictable errors since "it crashes, so we'll know if it's got a bug because we'll get bug reports". He was great at exploiting bugs, but useless at preventing them.
IME, the thing that helps you learn is to work in languages where you simply cannot write certain classes of bug without a compiler error; writing code that compiles in Agda is a lot harder to learn to do than writing code that C compilers will accept, but if you're used to thinking in terms of "how do I write this in a way that the compiler can see is bug-free?", you're better at writing code that is genuinely bug-free, even when you then learn how to write C (albeit that you're also more likely to write a program extractor that takes your Agda, removes the proof-related bits, and outputs C).