1. Writing safe and secure codeWriting safe and secure code
FOSS-North 2019FOSS-North 2019

5. … in six billion installations
across the world
My code exists

6. …… inside devices all of youinside devices all of you
here today own and use!here today own and use!
My code exists

7. Write safe codeWrite safe code

8. Safe code is not a coincidence
Doesn’t happen randomly, you need to work on it!
You need to care about it!
It is about time we all address this topic!
Everything I’ll tell you today, you already know!

9. Writing
Help users use your app or APIHelp users use your app or API
Defaults!Defaults!
Document. Everything and a lot.Document. Everything and a lot.
Get rid of warningsGet rid of warnings
UseUse commentscomments
assert()assert()
Release code asRelease code as open sourceopen source

10. Review
All codeAll code shallshall get reviewedget reviewed
CodeCode shallshall be easy to readbe easy to read and understandand understand
Use theUse the same code stylesame code style everywhereeverywhere
Commit message template ochCommit message template och qualityquality
Make sure style and templates are followed!Make sure style and templates are followed!

11. Test!
Unit tests
System tests
Integration tests
Test the documentation
Manual tests
Fixed a bug? Add a test. Or two.

12. Torment
Valgrind, address/UB/integer sanitizersValgrind, address/UB/integer sanitizers
Static code analyses (clang, Coverity, lints)Static code analyses (clang, Coverity, lints)
FuzzersFuzzers

13. All that, all the time
For every commit
For every PR
All. The. Time

14. The curl project
>50 builds + test “rounds” per commit
Tests code style, indenting etc
Thousands of tests per build
Builds and tests on tens of platforms
20-25 hours of CI per commit

15. The curl project’s choice of tools
Valgrind
Clang address,
undefined, signed-
integer-overflow
sanitizers
Clang tidy
“torture tests”
Scan-build
Lgtm
codacy
Coverity
OSS-Fuzz
Travis CI
Appveyor
Cirrus CI
Buildbots

16. The curl project’s policy
Fix all warnings (eye roll)Fix all warnings (eye roll)
No defects leftNo defects left
Use the strictest and most picky optionsUse the strictest and most picky options
As many tests as possibleAs many tests as possible
Fix security issues as soon as possibleFix security issues as soon as possible

17. But...
That takes a lot of time and is
expensive!

18. Perhaps, but...

20. Bad things will happen
No one is immune, no matter how hard we try!
Act immediately
Own the problem
Fix it
Learn from it
Otherwise...

21. CRTTA

22. Clean code
Review
Test
Torment
Act on mistakes

23. https://daniel.haxx.se/
Thank you!
@bagder

24. ““TheThe created economic valuecreated economic value
cannot be overstated”cannot be overstated”

25. License
This presentation and its contents are
licensed under the Creative Commons
Attribution 4.0 license:
http://creativecommons.org/licenses/by/4.0/