On 1/14/13 9:51 PM, Douglas Roberts wrote:
Yes, of course. But what do you really think, Marcus?
The only thing that makes software safe in practice is a relentless
effort to fix bugs. If bugs fail to come to light, software just won't
become secure. If important packages aren't being talked about, they
are surely just waiting to be exploited once that packages gains the
fancy of security researchers (white or black hat). Be glad that
something is good enough to be criticized. If we did things right,
we'd prove aspects of important software to be correct in the first
place. But that's believed to be too expensive and hard, so we get the
Tom Ridge thing instead. Fun in its own way, I suppose.
Remember, the only `important thing' is that people perceive they are or
can be made safe. Put some sirens on some cars and arrest a few people
and call it good.
Marcus
============================================================
FRIAM Applied Complexity Group listserv
Meets Fridays 9a-11:30 at cafe at St. John's College
to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
