Re: Is this list still active?

> I completely dismiss the argument that people have in general given up.
> I talk to too many people interested in learning how to avoid security
> problems, and know otherwise. People who give up should focus on some
> other way to make a living.

I'm certainly trying to create spin when writing "How about the notion that 
we've basically given up on security." As coders we haven't. But in society 
there are signs of acceptance that viruses, worms, cracking, phising and ID 
theft are unavoidable side effects of the information age. Perhaps as a 
society we are starting to give up. 

We all know how to make secure code because we've got organisations like 
OpenBSD and Wind River showing everyone how it's done. It's a painstaking, 
monastic review process that takes top people. I know that some organisations 
have equivalent inquisitional groups for when they can't afford to have their 
code blow up in their clients face but in everyday code development there's 
no such rigour.

Yeah, I like to think of code review in these terms; inquisition, monastic. 
Perhaps these guys should wear robes :) Our code serves important and 
sometimes critical social function, we don't just owe it to our shareholders 
to produce good code, we contribute to the infrastructure of society.