[Python-Dev] Python vulnerabilities

2017-09-11 Thread Stephen Michell
I am new to this list. 

Skip suggested that I join. 

I convene ISO/IEC JTC 1/SC 22/WG 23, the Programming Languages Working Group. We produce 
a suite of international technical reports that document vulnerabilities in 
programming that can lead to serious safety and security breaches. 

We published TR 24772 "Guidance to avoiding programming language 
vulnerabilities through language selection and use" in 2010 and again in 2013. 
Edition one was a language independent look at such vulnerabilities. Edition 
two added new vulnerabilities plus language specific annexes for Ada, C, 
Python, PHP, Ruby, and Spark. 

For this round, we have split the document into parts and are publishing the 
language specific parts separately. We have added a few new vulnerabilities, 
mostly associated with concurrency and object orientation for this iteration. 

We target the team lead that guides and writes coding standards for an 
organization, as opposed to the general programmer. 

We plan to ballot and publish in 2018 TR 24772-1, the language independent 
Part, as well as -2 Ada, -3 C, -4 Python and -8 Fortran. 

Our Python Part needs completion to address the new vulnerabilities documented. 
We want to do justice to all languages that we work with. We need experts to 
help us complete the document, and then to review it. I have had initial 
conversations with one expert. We hope for a bit more if possible. I

If interested, please contact me as listed below. 

Our document list is at www.open-std.org/JTC1/sc22/wg23. 

Thank you. 

Stephen Michell
Maurya Software
stephen dot michell at maurya dot on dot ca
Phone: 1-613-299-9047
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com


[Python-Dev] Python possible vulnerabilities in concurrency

2017-11-13 Thread Stephen Michell
I am looking for one or two experts to discuss with me how Python concurrency 
features fit together, and possible vulnerabilities associated with that.

TR 24772 lists 5 vulnerabilities associated with 

1. Activating threads, tasks or pico-threads
2. Directed termination of threads, tasks or pico-threads
3. Premature termination of threads, tasks or pico-threads
4. Concurrent access to data shared between threads, tasks or pico-threads, and
5. Lock protocol errors for concurrent entities 

I need to document how these appear (or don’t appear) in Python. The writeups 
would possibly swamp this email reflector, so I am looking for a small number 
of people to review these sections of our language-independent document and 
discuss with me how these are handled in Python. 

I have a good background in these issues, but no relevant experience with 
Python. 

Please contact me at stephen.mich...@maurya.on.ca to respond directly.

Thank you

…stephen michell
Convenor
ISO/IEC/JTC 1/SC 22/WG 23 Programming Language Vulnerabilities Working Group
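The following is an added example, not part of the original thread or of the TR 24772 text. It shows what items 4 and 5 of the list above (concurrent access to shared data, and lock protocol errors) look like in CPython, using only the standard threading module. Each case is written so that the outcome is deterministic rather than dependent on scheduler luck: a Barrier forces the harmful interleaving, and acquire(timeout=...) turns a would-be hang into a reported failure. The Account class, the 10-unit deposit, the TIMEOUT value and the function names are constructed for this example.

```python
"""Added example (not from the thread): TR 24772 concurrency items 4 and 5
reproduced deterministically in CPython. Account, the deposit amount and
TIMEOUT are constructed for illustration."""
import threading

TIMEOUT = 0.2  # seconds before a lock acquisition is declared failed


class Account:
    """Constructed shared object: a balance and the lock meant to guard it."""

    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()


def lost_update(use_lock):
    """Item 4: two threads each deposit 10 into an account starting at 100.

    Without the lock a barrier makes both threads read before either writes,
    so both write 110 and one deposit is lost. With the lock the
    read-modify-write is a critical section and the result is 120.
    """
    acct = Account(100)
    both_have_read = threading.Barrier(2)

    def deposit():
        if use_lock:
            with acct.lock:              # read and write cannot be interleaved
                acct.balance = acct.balance + 10
        else:
            current = acct.balance       # read
            both_have_read.wait()        # the other thread has now read 100 too
            acct.balance = current + 10  # write a stale value

    threads = [threading.Thread(target=deposit) for _ in range(2)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return acct.balance


def lock_survives_exception(use_with):
    """Item 5a: a worker raises inside its critical section.

    With a bare acquire()/release() pair the release is skipped and the lock
    stays held, so the next acquirer would block forever. With the `with`
    statement the release runs on the exception path too. Returns True if
    the lock can be re-acquired afterwards.
    """
    lock = threading.Lock()

    def do_work():
        raise RuntimeError("simulated failure inside the critical section")

    def worker():
        if use_with:
            with lock:          # released on every exit path
                do_work()
        else:
            lock.acquire()
            do_work()           # raises, so the release below never runs
            lock.release()

    try:
        worker()
    except RuntimeError:
        pass
    reacquired = lock.acquire(timeout=TIMEOUT)
    if reacquired:
        lock.release()
    return reacquired


def lock_ordering(consistent):
    """Item 5b: two threads each need locks a and b.

    Each thread takes its first lock, waits at a barrier until the other
    holds its first lock too, then asks for the second. Orders (a, b) and
    (b, a) give the classic ABBA deadlock; the acquire timeout reports it
    instead of hanging. With (a, b) for both, the second thread just blocks
    on a until the first is done (the barrier then times out, which is
    harmless). Returns True if both threads finished their critical section.
    """
    a, b = threading.Lock(), threading.Lock()
    holding_first = threading.Barrier(2, timeout=TIMEOUT)
    completed = []

    def worker(first, second):
        with first:
            try:
                holding_first.wait()
            except threading.BrokenBarrierError:
                pass  # only in the consistent case: the other thread never got here
            if second.acquire(timeout=TIMEOUT):
                try:
                    completed.append(True)
                finally:
                    second.release()

    second_order = (a, b) if consistent else (b, a)
    threads = [threading.Thread(target=worker, args=(a, b)),
               threading.Thread(target=worker, args=second_order)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return len(completed) == 2
```

Calling lost_update(False) returns 110 and lost_update(True) returns 120; lock_survives_exception(False) returns False and lock_survives_exception(True) returns True; lock_ordering(False) returns False and lock_ordering(True) returns True. The GIL does not prevent any of these: it serialises bytecodes, not the read-modify-write sequences or lock protocols that the TR 24772 items are about.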