Well, of course, I'm actually looking for the inverse problem: what is the minimum hole we need to see interesting abuse, e.g. whole new ecosystems of behavior. It seems like strongly typed, lazy (not just non-strict) eval languages capable of higher order logic are the right platform for finding minimal holes of maximal interestingness.
On 08/11/2015 02:05 PM, Marcus Daniels wrote:
The usual problem that occurs in non-strict languages are thunk leaks. I plan to plan to plan to plan ... to do something.. Delayed failure can occur too, but for me it is much less common then, say, ad-hoc type handling in a dynamically-typed language. I think it just comes down to the degree to which the developer articulates the constraints on the context as types, and then whether the language has the property of really enforcing those types. Also there's the problem of what happens when the developer just can't get across what they want in the types. Either because they can't be bothered or because the type system isn't versatile enough. I think these security issues come down to limitations in human attention. Tools and languages can help with that, but obsessiveness is needed too.
-- glen ep ropella -- 971-255-2847 ============================================================ FRIAM Applied Complexity Group listserv Meets Fridays 9a-11:30 at cafe at St. John's College to unsubscribe http://redfish.com/mailman/listinfo/friam_redfish.com
