http://www.businessweek.com/the_thread/techbeat/archives/2009/01/nsa_dhs_industr.html?link_position=link3
...

I think that http://www.galois.com is already doing as stated in the
article ... I sincerely think there is a segue for Haskell here with
strong and static type checking.

Strong static type checking is a very useful tool, but there's a lot
more to securing against the 25 most common errors.  For example, you
can use the type system to ensure that output encoding is always
applied to user-provided data, but you must first be aware of this
issue and write libraries that enforce this and make use of these
libraries a requirement in applications or application frameworks.
Some problems such as cross-site request forgery are best addressed by
the application framework, so framework authors must be aware of these
issues and implement protections for the issue.  This usually involves
the use of some cryptographic primitives, and the type system doesn't
do anything to make sure you get that right.

Security issues are (mostly) a subset of correctness issues.  Haskell
provides some tools to help you make sure your program is correct, but
there are a lot of ways to write incorrect software despite the help
these tools provide.  These tools are very valuable and should be
sold to the wider developer community, but they are no silver bullet.

Vasili

Tim Newsham
http://www.thenewsh.com/~newsham/
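
The point made in the reply above about using the type system to force output encoding on user-provided data, as an added example that is not part of the original thread. All names here (`Html`, `Elem`, `text`, `tag`, `render`) are hypothetical, and the sample input is constructed.

```haskell
-- Added illustration; not code from the thread or from any named library.
-- In an application the Html type would live in its own module with the
-- export list (Html, Elem(..), text, tag, render), so that the Html
-- constructor is unreachable and 'text' is the only route from String to Html.
module Main (main) where

-- Markup that is already safe to emit. Kept abstract from callers.
newtype Html = Html String

instance Semigroup Html where
  Html a <> Html b = Html (a ++ b)

instance Monoid Html where
  mempty = Html ""

-- Element names are a closed type, so they cannot carry user data either.
data Elem = P | Strong | Div

elemName :: Elem -> String
elemName P      = "p"
elemName Strong = "strong"
elemName Div    = "div"

-- The only way untrusted text becomes Html: every special character
-- is entity-encoded for the HTML element-content context.
text :: String -> Html
text = Html . concatMap escape
  where
    escape '<'  = "&lt;"
    escape '>'  = "&gt;"
    escape '&'  = "&amp;"
    escape '"'  = "&quot;"
    escape '\'' = "&#39;"
    escape c    = [c]

-- Wrap already-safe content in an element.
tag :: Elem -> Html -> Html
tag e (Html body) = Html ("<" ++ n ++ ">" ++ body ++ "</" ++ n ++ ">")
  where n = elemName e

render :: Html -> String
render (Html s) = s

main :: IO ()
main = do
  let userInput = "<script>alert(1)</script> & \"friends\""  -- constructed sample
  putStrLn (render (tag P (text "Hello, " <> tag Strong (text userInput))))
  -- putStrLn (render (tag P userInput))  -- does not compile: String is not Html
```

The encoding in `text` covers element content only; other output contexts (attribute values, URLs, script blocks) need their own types and encoders, which is the "you must first be aware of this issue" part of the reply.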