Actually, we can't prove programs are bug free if by bug we also mean all
possible anomalous behaviours. My colleagues keep pointing this out to me when
I suggest that we should start leveraging the computational power of computing
grids to analyze complex software the same way other

Great points Karen! We can't prove a program is secure in the same vein.
The danger I am spouting off about is the idea that we would solve the
software security problem if we just take a more scientific or
mature (or whatever) approach. I think those can definitely reduce
the risk, but

Another lurker revealing himself ... my name is Matt Bishop, and I
lurk at the University of California at Davis where I teach and do
research in lots of areas of computer security, including (surprise!)
what is traditionally called secure programming and secure software
development. For

On Aug 18, 2009, at 2:21 PM, Arian J. Evans wrote:
> Jeremiah Grossman and I were both pondering the size of the SCL
> recently.
> Is the list size public?

It's not public per se, but only in the sense that the number isn't
directly available--unless you ask for it.
The list has pretty

Hi SC-L,
I'm a Lurker. I work for CERT | SEI | CMU and monitor the list in an
attempt to keep an ear to the ground. While I'm not a professional
programmer I do have an undergrad and graduate degree in CS which
means I've been trained a little about programming. I'm really
interested in two