[vlc-devel] Re: code security audit: you can help

Jean-Paul Saman saman at natlab.research.philips.com
Mon Oct 6 09:45:25 CEST 2003

Sam Hocevar wrote:
>  3. That's not all, folks
> --------------------------
>    Of course this is not perfect. For instance, we don't know how the
> libraries we use will behave when given corrupted data, and we cannot
> ultimately trust their authors for doing the checks, so maybe we will
> need to audit external code as well. But let us first sweep in front of
> our own door!
>    For those who have time, I suggest reading the Secure Programming
> HOWTO [2], which is pretty big but has a lot of sections that directly
> apply to VLC.
>    There may also be design issues that will not be spotted with such a
> keyhole review, such as race conditions. Or what happens if a webpage
> contains a "vlc:quit" target, or something even nastier? However I
> haven't thought about them yet, so it will be another dicussion. If you
> have more ideas, please comment!
> [1] http://lists.insecure.org/lists/bugtraq/2003/Sep/0003.html
> [2] http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html

Here are another sites that gives usefull information about secure 


Kind greetings,

Jean-Paul Saman

This is the vlc-devel mailing-list, see http://www.videolan.org/vlc/
To unsubscribe, please read http://developers.videolan.org/lists.html
If you are in trouble, please contact <postmaster at videolan.org>

More information about the vlc-devel mailing list