Re: [security] [Security issue] Writing secure code case studies...


by Peter Wolanin

Hi Duncan,

There is a "maintainers newsletter" which already exists and might be
a good place for this.  That newsletter has not gotten much love or
content, so perhaps you can join in and help get it out more
regularly?
Here are past issues, and you should be able to subscribe (or are
force-subscribed if you're a module maintainer)
http://drupal.org/forum/118

There is a group for newsletters here:
http://groups.drupal.org/drupal-newsletter

You might also get some volunteers at
http://groups.drupal.org/coding-standards-and-best-practices

-Peter

On Wed, Jul 29, 2009 at 6:04 PM, <drupal.org@...> wrote:

> dbabbage sent a message using the contact form at http://drupal.org/contact.
>
> Hi there,
> Have selected "security issue" as this is a suggestion for the security
> team—apologies if this means it is escalated inappropriately.
>
> I'm contacting you to suggest the idea of a security newsletter that
> presents case studies on how to write secure code. One of the great things
> about the Drupal community is that it provides a welcoming entry point for
> people new to development like myself. We have been using Drupal a while, we
> then write a few patches, we contribute a bit more substantially to a
> module, we write a module of our own, we end up porting other modules to a
> newer version of Drupal and then ultimately take over maintaining them
> too, we start to submit core patches. (This describes my entry to the
> community anyway.) We may have read the "writing secure code" guidelines,
> and certainly intend to write secure code, but we may or may not have taken
> it *all* in and may unknowingly have sometimes not followed the guidelines.
>
> I subscribe to the security announcements, and I often think I could
> probably learn something useful by examining a diff of the fixed vs.
> previous versions of the modules that had security issues—but I've never
> gotten around to doing it. So I'd like to suggest that an email newsletter
> could from time to time present examples of insecure code that was found in
> a module, a short explanation of what made it insecure, and sample code with
> an explanation of how it was fixed. I think less experienced developers
> could learn a lot.
>
> Probably this would need to be a separate subscription to the main security
> announcements list, because some people wouldn't want it—but I'd certainly
> subscribe.
> Cheers,
> Duncan
> --
> [ Security | http://lists.drupal.org/listinfo/security ]
>
--
Pending work: http://drupal.org/project/issues/documentation/
List archives: http://lists.drupal.org/pipermail/documentation/

Re: [security] [Security issue] Writing secure code case studies...

by nan wich

Hmm... I didn't know there was a maintainers' newsletter. What is its intended audience? Since I have 20+ modules, it might be a good thing for me.

@Duncan: I understand and appreciate your desire to see examples of unsafe code, but such a thing could seem embarrassing to those who were reported for it. Even on security issues I find on my own modules, I would be embarrassed to have them publicly displayed. (Peter, I bet you can think of a recent example.) Perhaps an aggregate of recent issues, suitably disguised, would work.
 
--
Nancy E. Wichmann, PMP

Injustice anywhere is a threat to justice everywhere. -- Dr. Martin L. King, Jr.