Samples Are Templates

Samples Are Templates

If you produce sample applications, some of your users will cut and paste the code and use it to build their own applications. If the code is insecure, the client just created an insecure application. I once had one of those life-changing moments while spending time with the Microsoft Visual Studio .NET team. One of their developers told me that samples are not samples they are templates. The comment is true.

When you write a sample application, think to yourself, Is this code production quality? Would I use this code on my own production system? If the answer is no, you need to change the sample. People learn by example, and that includes learning bad mistakes from bad samples.

During the Windows Security Push, we set a simple and attainable bar for all Platform SDK samples: Would you use this code in a Microsoft product? If the answer was no, the code had to be reworked until it was safe enough to ship.

Writing Secure Code
Writing Secure Code, Second Edition
ISBN: 0735617228
EAN: 2147483647
Year: 2001
Pages: 286 © 2008-2017.
If you may any questions please contact us: