Entries published on August 13, 2006
Let’s talk about frameworks, security edition
It’s been an exciting week, hasn’t it?
The Rails vulnerability touched off quite a firestorm of commentary on the security of web application frameworks (and, by extension, applications developed with them), so let’s bring back the frameworks series for one last hurrah and take a look at security.
What do we mean by “secure”?
This may sound like a strange question to ask, but it’s an important one. A common misconception is that an application is “secure” if it doesn’t have any “bugs”. Setting aside the fact that this just switches out one vaguely defined term for another, let’s consider what it would take …