Does anyone else remember "reference monitors"? What an old-fashioned idea. But they'd certainly solve a lot of problems.
=== Karen Mercedes Goertzel, CISSP, CSSLP Senior Lead Scientist Booz Allen Hamilton 703.698.7454 goertzel_ka...@bah.com "The hardest thing of all is to find a black cat in a dark room, especially if there is no cat." - Confucius ________________________________________ From: SC-L [sc-l-boun...@securecoding.org] on behalf of Alfonso De Gregorio [a...@secyoure.com] Sent: 28 August 2015 13:02 To: Johan Peeters Cc: Secure Code Mailing List Subject: [External] Re: [SC-L] SearchSecurity: Dynamism On Thu, Aug 20, 2015 at 8:20 PM, Johan Peeters <y...@johanpeeters.com> wrote: > nice one, Gary. Finally something positive about agile and DevOps. A > trick that you may have missed is immutable servers, see Docker and > friends. They will be a leap forward for server security when they hit > the mainstream. Immutable servers are nice -- let's deploy them. Yet, in an execution environment where code is data and data is code, high assurance software will also require control-flow integrity in the face of malicious input. Or, what we would be left with are weird machines instantiated from disposable images. -- Alfonso _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
