- which is
another topic).
Am I missing the point?
Or are you thinking of something that checks message queues for proper
semantics and syntax (since some OS's are message based and work from
message queues)?
M.
-
Michael S Hines
[EMAIL PROTECTED]
-Original
S Hines
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Crispin Cowan
Sent: Monday, June 11, 2007 5:50 PM
To: Gary McGraw
Cc: SC-L@securecoding.org; Blue Boar
Subject: Re: [SC-L] Harvard vs. von Neumann
Gary McGraw wrote:
Though I
and that's the problem. the accountability for insecure coding should
reside with the developers. it's their fault [mostly].
The customers have most of the power, but the security community has
collectively failed to educate customers on how to ask for more secure
software. There are pockets
.
-
Michael S Hines
[EMAIL PROTECTED]
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http
are not - are we?
Mike Hines
-
Michael S Hines
[EMAIL PROTECTED]
are perfect either.
There is only one way to get it right, yet so many ways to get it wrong.
Mike Hines
-
Michael S Hines
[EMAIL PROTECTED]
_
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Kenneth Van Wyk
Sent: Tuesday, January 30, 2007 5:25
can reclassify an
error and report it back up, but you've got to get it in the loop.
/snip
-gp
Quoting Michael S Hines [EMAIL PROTECTED]:
That's a rather pragmatic view, isn't it?
Perhaps if other language constructs are not used, they should be removed?
OTOH - perhaps the fault
a simple structure that provides for errors would go a long
way...
If - then - else - on error
Do - end - on error
Let x = y - on error
Let x = function() on error
etc...
The problem is writing code without thinking of the
possible errors that might arise. This forces you to think about
Or consider the IBM Mainframe and z/OS Operating Systems - protected memory and
paging together - also privileged programs vs. application programs, also
prefetched programs vs loaded on demand programs.
Mike Hines
Mainframe Systems Programmer
---
Michael S
Isn't it possible to break out of the sandbox even with managed code? (That is,
can't managed code call out to unmanaged code, i.e. Java call to C++)? I was
thinking this was documented for Java - perhaps for various flavors of .Net too?
---
Michael S Hines
the original "smashguard" work was based entirely on
Alpha chips.
cheers,
.mudge
On Dec 13, 2005, at 15:19, Michael S Hines wrote:
Doesn't a hardware 'feature' such as this lock
software into a two-state model
(user/priv)?
Who's to say
hardware (figuratively
speaking).
Just wondering...
Mike Hines
---
Michael S Hines
[EMAIL PROTECTED]
Wonder what happens if we apply that same logic to building design or bridge
design and construction?
Those who don't place blame at the source are just trying to blame shift. Bad
idea..
Mike Hines
---
Michael S Hines
[EMAIL PROTECTED]
-Original
. There are
plenty of
problems to go around.
(see the work done at Univ of Wisconsin - the Fuzz Testing project
http://www.cs.wisc.edu/~bart/fuzz/fuzz.html )
Mike Hines
---
Michael S Hines
[EMAIL PROTECTED]
platform interfaces. Aren't
we introducing inherent security flaws in the process?
Mike Hines
---
Michael S Hines
[EMAIL PROTECTED]
Environment (LE) before .NET came along.
It all sort of runs together over time - it seems.
Mike Hines
---
Michael S Hines
[EMAIL PROTECTED]
I was a bit wrong earlier.. IBM System Programming language was PL/X (not
PL/M)...
Here's a link to an older reference manual...
http://www.bitsavers.org/pdf/ibm/360/pls/GC28-6794-0_PLSIIguideMay74.pdf
Mike H.
---
Michael S Hines
[EMAIL PROTECTED]