Andreas Messer said on Mon, 26 Jul 2021 09:38:23 +0200
My feeling is that you cannot simply teach someone how to write
safe software.
Why not? You can teach a person to do anything else. But maybe not in
college, because college is built to make money, not to teach.
Consider the average textbook and compare to the average "For
Dummies" book. The former makes the subject matter look incredibly
complex, justifying the professor. The latter makes it easy to learn.
What is needed is a curated document explaining the five or ten or
twenty things you need to do to be secure, and then how to achieve
them in a practical world. Let's start with input field cleansing and
protection from errant pointers and buffer overflow. There are many
more:
Because there will always be new failure modes & vulnerabilities - it
comes with any complex engineering activity.
You can teach people to avoid KNOWN failure modes & vulnerabilities, and
establish processes and methods to avoid them (e.g., tooling, testing,
design reviews, etc.) - but there will always be new ones - that can
only be detected in the breach. Good engineers can, perhaps, see and
avoid some. Penetration testing can help find others before fielding.
But ultimately, there will always be unsafe code in the field - that
will only be detected in the breach.
As von Moltke put it, "no plan survives contact with the enemy." It
probably has something to do with computability (P/NP and all that).
We could learn from the way the aerospace industry responds to plane
crashes, though. And, maybe, trash "agile" and go back to design
processes that got us to the Moon (you know, serious, step-by-step,
design, document, review, test).
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra
Theory is when you know everything but nothing works.
Practice is when everything works but no one knows why.
In our lab, theory and practice are combined:
nothing works and no one knows why. ... unknown
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng