> My $.02... I don't think this approach is going to catch on anytime soon. > Spending 30 or so staff years verifying a 7500 line C program is not going > to be seen as cost effective by most real-world managers. But interesting > research nonetheless.
maybe not as crazy as it sounds: this is a micro kernel and hence a security chokepoint. The other stuff running on top do not need the same level of assurance. kr, Yo -- Johan Peeters http://johanpeeters.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________