> On Wed, 6 Jun 2007, Wietse Venema wrote:
>
> > more and more people, with less and less experience, will be
> > "programming" computer systems.
> >
> > The challenge is to provide environments that allow less experienced
> > people to "program" computer systems without introducing gaping
> > holes or other unexpected behavior.
>
> I completely agree with this. This is a grand challenge for software
> security, so maybe it's not the NEXT problem. There's a lot of tentative
> work in this area - safe strings in C, SafeInt,
> StackGuard/FormatGuard/etc., non-executable data segments, security
> patterns, and so on. But these are "bolt-on" methods on top of the same
> old languages or technologies, and some of these require developer
> awareness. I know there's been some work in "secure languages" but I'm
> not up-to-date on it.

You may find this interesting as this is a subject I feel strongly about myself.

http://www.qasec.com/cycle/securityframeworks.shtml

- Robert
http://www.cgisecurity.com/
http://www.qasec.com/