> On Apr 27, 2016, at 2:50 PM, Noel Chiappa <j...@mercury.lcs.mit.edu> wrote:
> 
> ...
> It's not clear to me that a 'better language' is going to get rid of that,
> because there will always be bugs (and the bigger the application, and the
> more it gets changed, the more there will be). The vibe I get from my
> knowledge of security is that it takes a secure OS, running on hardware that
> enforces security, to really fix the problem. (Google "Roger Schell".)

Those things can be useful at times, but they are neither necessary nor 
sufficient.

For example, while Unix is reasonably secure, application writers have managed 
to create massive numbers of security holes that have nothing to do with 
defects of the OS, and aren't cured by a better OS. A better language might 
help (C is the mother of most security bugs).  But the most critical component 
that is generally missing is a design attitude that both the design and the 
implementation need to be CORRECT.

Such design attitudes are very rare.  Dijkstra made it his life's mission to 
promote this.  He demonstrated it in such places as the THE operating system 
design (read the paper).  Note, by the way, that's a secure system running on 
hardware that provides no protection.

By contrast, the common technique of "type in some code, then edit and 
recompile and rerun until it seems to work" cannot deliver reliable programs.

        paul
