I think that you're both right, but the only solution is the same old, same 
old: speed, code size, and maintainability/complexity versus the padding and 
added IO checking of a very secure app.  Nothing new, nothing different.  It's 
the same problem that has existed since the dawn of programming.  

Invariably the answer to the question will be a proposal for yet another secure 
programming language or framework.  So far all attempts at either have seemed 
to have failed miserably or never really gained traction (anyone else here 
remember plan 9 and its more secure brother inferno?).  Now the industry trend 
du jour is moving more towards protecting the rest of the system from 
unforeseeable vulnerabilities and their exploitation (selinux, dep, etc) when 
things blow up rather than demand that code is 100% bulletproof.  

Bad idea?  I'm not so sure.  The bigger the system, invariably, the harder to 
debug to absolute stability in a timely fashion, but source code analysis tools 
can help lighten the load a bit.  However, no amount of auditing of your own 
product can prevent the problem of a buggy third party that, even if you pass 
it input in the exact fashion as specified by the manufacture, is still 
vulnerable.  The point of this rambling? No amount of hyperventalating over the 
security of your own code will ever make it absolutely secure as long as you're 
placing a reliance on the security of a 3rd party library (in which case I hope 
you're planning to write everything from the bios of the computer up to the 
app).

Point?  Mitigating the threat posed by unknown attack vectors is something that 
may start at the program level, but I'm highly doubtful that it can completely 
be accomplished at just the program level alone.  A secure operating system or 
security framework will pretty much always be a necessity for guaranteeing a 
completely secure platform.  

If there's a silver lining here it's that even the most novice computer user 
knows that security is a problem with computers as opposed to "security? What's 
that?" (followed by a deer in the headlights look).  That widespread knowledge 
is what drives budgets to spend on security oriented products rather than the 
old philosophy that those are optional products.  Hopefully, that will 
eventually materialize in the form of better, cheaper source code auditing 
products that can help fix the problem at where it all starts: insecure code 
created by innocent oversight of the programmer who creates it through either 
it being abolutely complex, a rushed development cycle, or maybe just the 
infamous ("that looks right"). 

Geoff



 
Sent from my BlackBerry wireless handheld.

-----Original Message-----
From: "Geo." <[EMAIL PROTECTED]>

Date: Sun, 7 Oct 2007 22:26:21 
To:<[EMAIL PROTECTED]>,<full-disclosure@lists.grok.org.uk>
Subject: Re: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape,
        Miranda, Skype


----- Original Message -----
From: <[EMAIL PROTECTED]>

>> 2) That said program can protect itself against overtly malicious input.

Ok then, I can mark you down as one who believes that all the php exploits
blamed on bad code writing are actually the fault of php and not the
application coded using it's powerful functionality?

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to