Hi SC-L,
[Hmmm, this didn't make it out to the list as I'd expected, so here's
a 2nd try. Apologies for any duplicates. KRvW]
At the SC-L BoF sessions held to date (which admittedly is not
exactly a huge number, but I'm doing my best to see them continue), I
like to ask those that attend
you've got a few questions there ... i'll answer the first one.
i might copy the suggestion from someone [i can't remember who at the
moment] who suggested the next step in programming in-general is more
parallel programs [in order to increase speed]. this is obviously
complicated and will create
Kenneth Van Wyk:
> What do you think is the _next_ technological problem for the
> software security community to solve? PLEASE, let's NOT go down the
> rat hole of senior management buy-in, use [this language], etc. (In
> fact, be warned that I will /dev/null any responses in this thread
On Wed, 6 Jun 2007, Wietse Venema wrote:
> more and more people, with less and less experience, will be
> "programming" computer systems.
>
> The challenge is to provide environments that allow less experienced
> people to "program" computer systems without introducing gaping
> holes or other une
I've recently been working on providing better secure programming
defaults. There's a great opportunity for doing so for applications
written on top of frameworks/libraries.
See our paper "Towards Security by Construction for Web 2.0
Applications" at a recent W2SP workshop.
-Ben
On 6/7/07, Stev
On 8 Jun 2007, at 02:23, Steven M. Christey wrote:
>
> More modern languages advertise security but aren't necessarily
> catch-alls.
At the same time, the improvements in security made by managed code
(e.g. the JRE and .NET runtimes) for example, should not be
understated. The fact that apps
At 9:53 AM +0200 6/8/07, Stephen de Vries wrote:
> On 8 Jun 2007, at 02:23, Steven M. Christey wrote:
>>
>> More modern languages advertise security but aren't necessarily
>> catch-alls.
>
> At the same time, the improvements in security made by managed code
> (e.g. the JRE and .NET runtimes) fo
On Thu, 7 Jun 2007, Steven M. Christey wrote:
| On Wed, 6 Jun 2007, Wietse Venema wrote:
|
| > more and more people, with less and less experience, will be
| > "programming" computer systems.
| >
| > The challenge is to provide environments that allow less experienced
| > people to "program" compu
> Immunity from buffer overflows has been around for 30 years. The
> fact that some set of developers choose to ignore the languages that
> provide it does not make the next environment that provides it an
> improvement for the industry.
I'd disagree - if it means a significant increase in people
At 8:33 AM -0400 6/9/07, der Mouse wrote:
>> Immunity from buffer overflows has been around for 30 years. The
>> fact that some set of developers choose to ignore the languages that
>> provide it does not make the next environment that provides it an
>> improvement for the industry.
>
> I'd disa
First off, many thanks to all who've contributed to this thread. The
responses and range of opinions I find fascinating, and I hope that
others have found value in it as well. Great stuff, keep it coming.
That said, I see us going towards that favorite of rat-holes here,
namely the "my pr