Qmail is a secure alternative to Sendmail. This paper summarizes some lessons learned from 10 years of development.
- Eliminate bugs: duh!
- Eliminate code: less code probably means fewer bugs.
- Eliminate trusted code: Run most of your code in a tight, secure runtime environment (e.g. .NET with limited CAS). Concentrate bug-fixing effort on the tiny bit of code that still needs to be trusted.
- Don’t just chase attackers: Most security work is patching holes found by attackers. These are merely symptoms of insecure code. In addition, devs must focus on the root cause of these security holes.
- Minimizing privileges doesn’t solve the problem: Work on fixing bugs, not just minimizing damage when bugs are exploited.
- Don’t obsess about performance: A small slowdown is better than insecure software.
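
To make the "Eliminate trusted code" item concrete, here is an added example (not code from qmail or from the paper): a small trusted wrapper runs a bug-prone transformation in a child process that can only write to one pipe. It uses POSIX resource limits rather than .NET CAS, and `untrusted_transform`, `run_confined` and the sample inputs are hypothetical names and constructed data.

```python
import os
import resource

def untrusted_transform(data: bytes) -> bytes:
    """Hypothetical stand-in for complex, bug-prone parsing code."""
    if data.startswith(b"EVIL"):          # constructed "compromised" input
        open("/etc/passwd").read()        # fails inside run_confined: no new fds
    return data.upper()

def run_confined(func, data: bytes, cpu_seconds: int = 2, max_out: int = 1 << 20):
    """Trusted wrapper: run func(data) in a child whose only channel to the
    outside is one pipe. Returns the output bytes, or None on any failure."""
    out_r, out_w = os.pipe()
    pid = os.fork()
    if pid == 0:                          # child: untrusted side
        try:
            # Drop inherited descriptors except the result pipe
            # (1024 is an assumed upper bound for this sketch).
            os.closerange(0, out_w)
            os.closerange(out_w + 1, 1024)
            resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))  # no new files/sockets
            resource.setrlimit(resource.RLIMIT_NPROC, (0, 0))   # no fork (non-root)
            resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
            result = func(data)
            os.write(out_w, result[:max_out])
            os._exit(0)
        except BaseException:
            os._exit(1)                   # any error: report failure, no details
    os.close(out_w)                       # parent: trusted side
    chunks, total = [], 0
    while total <= max_out:
        chunk = os.read(out_r, 65536)
        if not chunk:
            break
        chunks.append(chunk)
        total += len(chunk)
    os.close(out_r)
    _, status = os.waitpid(pid, 0)
    ok = os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0
    return b"".join(chunks) if ok and total <= max_out else None
```

Only `run_confined` has to be reviewed as trusted code; a bug in the transformation can corrupt its own output but cannot open files or sockets.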