
DasWolf

Registered since: 7 Jun 2016
76 posts
 
Delphi 10.1 Berlin Professional
 
#14

Re: Are programs created with Delphi more secure?

6 Oct 2023, 12:08
Interesting subject and question, though I see it as deep and complex, even more philosophical.

Security and its gap is a limitless pit; there is no standard unless you define security and its gap. So what does security mean here, what your client maybe failed to point out, and maybe you also failed to understand his point of view.

Security in many cases is a simple chain of trust: if I trust Daniel (the founder of this forum) with my information, then I am obliged to trust the administrators he trusted with my information, and so on. This is a way to handle security and trust. Is my email secure here? That can't be answered by a simple yes or no.

Security most of the time is as simple as black or white, but there are cases where it is shades, aka risk involvement, and this is a huge factor many fail to consider.

Now to your question(s)
Is Delphi safer than C? This can't be answered by yes or no; in general Delphi is less prone to overflow attacks, it is just harder to weaponize/exploit.
Is your client right in being afraid of your code? Yes, and the client is right not just always, but in this case, you are obliged to give him peace of mind, for his money.

So:
1) You must understand him, his point of view and his trusted people, the ones that might be doing their jobs around him.
2) He rightfully doesn't trust your code, or maybe doesn't trust you and your ability to write secure code; this is his right.
3) Why use Chrome? For me Chrome is a security risk on its own.
4) Delphi on virus scanners like https://www.virustotal.com/ will do very badly on its own!
5) Ditch Chrome and adjust the EXE to minimal, switch to (I can't believe I am saying it) Internet Explorer or Edge; this will help with security scanners/analyzers.
6) Your client owns the source; without it he will rightfully doubt the whole thing forever. I recommend giving him the source in full, a compilable source, and let him audit it, himself or by a 3rd party he trusts, so ask you to build or if might prefer to ask a 3rd or even 4th party, that will give him the peace and trust he is asking for.

When you have (6) on the table as an offer without negotiating, things will shift and the risk factor by his standard will drop greatly.

My 0.002 cent in short and sorry for bad English and sorry if that didn't help.
Remove point 6. Why turn a customer's suspected or imaginary security concern into a real security issue for the provider/manufacturer?

To the OP:
You don't have to explain why Delphi software is more secure, but why your software is secure. That doesn't have to be an essay or a complete description of the software. A one- or two-liner is enough. You simply rule out that your software creates a security risk or that security vulnerabilities can be exploited through it. If you have already subjected your software to various tests in this regard, you could perhaps mention that as well (keyword: quality assurance).