somewhat related to previous mention in this thread regarding simple
security principles, KISS, complexity, etc. started in a thread related to
key sizes, performance, and then wandered into other vulnerabilities:
http://www.garlic.com/~lynn/2003o.html#5 performance vs. key size
http://www.garlic.com/~lynn/2003o.html#6 performance vs. key size
the above specifically was with regard to buffer overflow vulnerability,
and references some historical archeology
http://www.garlic.com/2002i.html#42 Thirty Years Later: Lessons from the
Multics Security Evaluation
the above specifically highlights three sections from the mentioned paper:
2.2 Security as Standard Product Feature
2.3 No Buffer Overflows
2.4 Minimizing Complexity
I'm slightly partial to this ... although I wasn't directly involved in the
above work .... it was going on the 5th floor and I was located on the 4th
floor. a somewhat related thread from cryptography mailing list:
http://www.garlic.com/~lynn/aadsm15.htm#23
--
Internet trivia, 20th anv: http://www.garlic.com/~lynn/rfcietff.htm
