"threat model"

Well, I understand that I should explicitly state what do I consider as a threat and what not but that in itself is to difficult for me now. Besides when I am asked if this code can be trusted, usually the person who asks this has even less understanding than I do. Which, you might guess, is really little.

So I go back thinking about the issue at hand.

I guess we have an advantage here that we have the source code so we don't necessarily need to check the behavior. We can check the source code.

In the code that raised the whole question one of the modules only contains some variables. most of the code is just looks like this:

# number of carnivores in the beginning
    $NUM_CARNIVORES = 30;
[download]

I am not a security expert but I think we can easily agree that such code in itself cannot be dangerous even though we are talking about carnivores here.

That means if I want to evaluate the code - regardless of my threat model or lack of it I can disregard those line when I am checking the source code.

OTOH if I see code like this:

use Carnivores;
[download]

that should immediately raise the red flag and tell me to look for the Carnivores.pm file to see what dangers might lurk in there.

---

---

• Are you posting in the right place? Check out Where do I post X? to know for sure.
• Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:

  <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>

• Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
• Want more info? How to link or How to display code and escape characters are good places to start.