My (past) thinking on writing secure code.

This is my current (as of 12:36pm AEST on May 14th, 2016) thinking on “writing secure code”.


  • I don’t know how; I don’t think that’s definitively possible.
  • I ask people to attack my stuff, and I fix what they find.


  • I know there are tools that help with this. I use quite a few quite a lot, but if you know some, please comment them and I’ll add them to my build pipeline.
  • I wrote this up at a feverish rate following a boxing session. If you find flaws in it, point them out, and I’ll both thank you publicly and amend the doc.