IMO the real problem is that software developers are still focussed on
programming, not on specification. We should leave programming to computers,
instead of wasting money paying people to do it and hoping that the resulting
system meets user requirements, including some semblance of security.
At 9:51 PM +0100 6/9/07, David Crocker wrote:
If instead we pay people to perform the more skilled tasks of establishing
requirements and specifying the systems to meet them, and use computers to
generate programs that meet the specifications, then such things as freedom
from buffer
ljknews,
Yes, it is virtually impossible to get a serious runtime error in an Ada
program. For example:
http://www.youtube.com/watch?v=kYUrqdUyEpI
rCs
At 9:51 PM +0100 6/9/07, David Crocker wrote:
If instead we pay people to perform the more skilled tasks of establishing
requirements
First off, many thanks to all who've contributed to this thread. The
responses and range of opinions I find fascinating, and I hope that
others have found value in it as well. Great stuff, keep it coming.
That said, I see us going towards that favorite of rat-holes here,
namely the my
At 9:16 AM -0400 6/10/07, Robert C. Seacord wrote:
ljknews,
Yes, it is virtually impossible to get a serious runtime error in an Ada
program. For example:
http://www.youtube.com/watch?v=kYUrqdUyEpI
It amazes me that someone in a discussion of software security would point
to a page that
[Apologies for this reply being a bit behind the discussion - I originally
submitted it from a different e-mail account than the one I subscribed with,
and so it sailed off to /dev/null.]
On Wed Jun 6 18:59 , Michael Silk [EMAIL PROTECTED] sent:
On 6/7/07, McGovern, James F (HTSC, IT) [EMAIL
ljknews wrote:
It amazes me that someone in a discussion of software security would point
to a page that requires Javascript to be viewed.
I'm on a couple of mailing lists with Dr. Solly, an early antivirus
researcher. He likes to talk about this idea of Grannyx, a
(hypothetical) operating
James, and all list, please accept my apologies for my bad English usage.
Looking at your reply I understood I expressed my thoughts playing badly with
words.
By saying that vendors have to follow developer licensing, I intended
that in my opinion it is good that vendors still build tools to aid
developers not
Hi,
I am working out a proposal on this OWASP Education track:
http://www.owasp.org/index.php/Education_Track:_What_Developers_Should_Know_on_Web_Application_Security
Assume this company that is convinced that they need to do something on web
application security. They decide to send their