Heh.  I think we're having far too much fun in the other threads.  I

have a serious question.  I'm a mangler in a largish company.  We have

developers, and contractors.  No coding standards and all that, so,

things are... messy.
I'm not in charge of development, but I want to help them develop

something useful, and secure.  Other than doing a braindump of the

developers here, what are the things that you people have found useful

to have in secure programming practises?
I'm looking for advice, tips, procedures, processes, whatever.  I will

be looking through my old notes from Matt Bishop's class at SANS, and

other things I've gathered throughout the years.
Unfortunately, it's rather flat here, so I can't even invite Theo to

come by and give a talk.
Thanx!
--

http://www.glumbert.com/media/shift

http://www.youtube.com/watch?v=tGvHNNOLnCk

"This officer's men seem to follow him merely out of idle curiosity."

-- Sandhurst officer cadet evaluation.

"Securing an environment of Windows platforms from abuse - external or

internal - is akin to trying to install sprinklers in a fireworks

factory where smoking on the job is permitted."  -- Gene Spafford

learn french:  http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related