

When Did We Start Trusting Bad Code? Silent Circle Vulnerability Handling - ronaldx
http://blog.erratasec.com/2013/08/when-did-we-start-trusting-bad-code.html?m=1

======
firebunnytime
That's one of the things that works best about open source stuff: it gets
reviewed by more people. If os isn't possible, then it's better from this
perspective to try and write in a higher level language that does these kinds
of checks for the dev automatically, such as Scala / Java etc., where the
runtime does boundary checks. But if that's not possible as well, then this
article does suggest some good courses of action. Good comments on it as
well.

