On Sun, 5 Nov 2006, Leichter, Jerry wrote:
Much as I agree with many of the sentiments expressed in this discussion,
there's a certain air of unreality to it. While software has its own
set of problems, it's not the first engineered artifact with security
implications in the history of the
Most of the incidents in your first paragraph were improved with the establishment of laws, regulation bodies, and external testing with a stamp of approval. The Underwriters Laboratory was established to ensure that a product was sales worthy to the public due to manufacturers focusing on sales
In response to a post by Jerry Leichter, Gadi Evron wrote...
A bridge is a single-purpose device. A watch is a simple
purpose computer, as was the Enigma machine, if we can call
it such.
Multi-purpose computers or programmable computers are where
our problems start. Anyone can DO and
On 11/7/06, Wall, Kevin [EMAIL PROTECTED] wrote:
Developers have to cut corners somewhere, and since security issues
are not paramount, that's often what gets overlooked.
this is the biggest issue I think. it gets overlooked because
management don't value it. partly because it's expensive to
Much as I agree with many of the sentiments expressed in this discussion,
there's a certain air of unreality to it. While software has its own
set of problems, it's not the first engineered artifact with security
implications in the history of the world. Bridges and buildings
regularly
On Sun, 29 Oct 2006, Robert C. Seacord wrote:
Gadi,
I feel like I've been here before, but I'll give it another shot anyway.
Okay, then let's make some progress:
1. Where and who is currently involved with doing this?
2. What are they doing?
3. Can we use their experience to make it
Seeking perfect correctness as an approach to security is a fool's
errand. Security is designing systems that can tolerate imperfect software.
Exactly. On Curb Your Enthusiasm this happened recently. Larry David was
frantically looking for a DVD case, but could not find it.
LD: I don't know
Crispin,
I think you may have over spoken below:
Seeking perfect correctness as an approach to security is a fool's
errand. Security is designing systems that can tolerate imperfect software.
I could go along with achieving perfect correctness as an approach to
security is a fool's belief but
Gadi Evron wrote:
For argument sake, let's assume there are 100.
How about campaigning for a secure coding chapter to be added to these
semester, erm, world-wide?
Nothing is ever easy, but we have to start somewhere. I don't see why this
is a bad idea. Yes, it takes time. Yes, it will have
On Sat, 28 Oct 2006, Crispin Cowan wrote:
Gadi Evron wrote:
So, dump C, Use SML, What secure coding classes are you doing? and
we are already doing it!! are the responses I got when I started this
thread.
What did you expect from whining about the generally poor quality of
software?