Are companies today even seriously trying? Or do they hire security
experts just to have someone to put the blame on and fire? /Erling
Den 2017-11-17 kl. 10:39, skrev Erling Hellenäs:
Hi all!
I talked to a person who worked with security for the Swedish secret
service.
According to him SELINUX could not be trusted since NSA participated
in the development.
Which software can you trust and use? On which platform can you work?
If the secret services of a country wants some information, they could
get it from any company within its jurisdiction?
NSA wants everything?
Which company can you trust?
Every piece of information that passes a country border is filtered
and what NSA wants is sent to them?
Can you use cloud services?
Every character written in the address field in a browser is sent
directly to Google?
Can you use web systems?
Long ago most programs was Cobol. Mainly move sentences anyone could
read and control. I worked 5 years on IBM systems and hit ONE(1)
platform problem. I guess it was a memory problem in the mainframe.
Now most programs are so complex no one could understand them
entirely? A totally uncomprehensive mess full of bugs? You are at the
mercy of the development environment? If it does not find the bugs you
couldn't? And the development environment does not find them all?
So, however much you know, however clever you are and however much you
try to write a self-documented, commented, documented, readable,
simple, well tested program which follows all development and security
best practices you are not going to be able to write a resilient program?
J has one clue to a possible solution - you get rid of all or most
control structures - where you could otherwise plant bugs.
Another clue is to have a development environment tailored to the
specific problem domain. If you want a specific functionality there is
only one way to create it :) If it works you did it right.
Cheers,
Erling Hellenäs
Den 2017-11-16 kl. 20:23, skrev Raul Miller:
Eh... well, I suppose you could say the same thing of the entire
internet.
The internet, after all, had its origins as a DARPA project - that's
the USA Department of Defense's Advance Research Project Agency...
My question, though, is how to make our parts of it resilient to
malware and so on.
Thanks,
----------------------------------------------------------------------
For information about J forums see http://www.jsoftware.com/forums.htm
----------------------------------------------------------------------
For information about J forums see http://www.jsoftware.com/forums.htm
