A while ago I made a post about Didier Stevens, who found vulnerabilities in Adobe PDF. But Adobe is not the only one that made mistakes. The SANS NewsBites newsletter has an article saying that the popular alternative Foxit Reader has vulnerabilities in JBIG2. (JBIG2 is an image compression standard.)
I am not a programmer, but I know from the little programming experience I have from school that all code has bugs and that the main goal of a programmer is to make things work. Therefore it is important that professional programmers are educated about common problems and mistakes. Once the code is written, I think it has to go through a peer revision system. I know there are things called deadlines, but QA of code is still not something that can be skipped, because the impact (Foxit has a user base of 50 million users) can be enormous.
Even if you are somebody who likes to write code on your own, make sure you have some kind of QA and practice secure programming.