It's not random, how people use a programming language. It's weird, people treat code like math instead of the cognitive science problem it actually is.

On Tuesday, January 12, 2016, Will Sargent <will.sarg...@gmail.com> wrote:

> Which thing? There’s a big chain in there:
>
> That they’ve written secure code,
> that it can be abstracted into general principles,
> that it can be turned into a reusable framework,
> that it can be made easier than trying to work around it,
> that programmers will ever use it,
> that programmers will ever write secure code even given a framework…
>
> Wil.
>
> -----Original Message-----
> From: Dan Kaminsky <d...@doxpara.com>
> Reply: Dan Kaminsky <d...@doxpara.com>
> Date: January 11, 2016 at 10:35:19 PM
> To: Will Sargent <will.sarg...@gmail.com>
> CC: Rik Farrow <r...@rikfarrow.com>, langsec <langsec-discuss@mail.langsec.org>
> Subject: Re: [langsec-discuss] composability
>
> > A thing we need to experimentally investigate, which pointedly, we are not.
> >
> > On Mon, Jan 11, 2016 at 10:33 PM, Will Sargent wrote:
> > >
> > > On Mon, Jan 11, 2016 at 3:00 PM, Rik Farrow wrote:
> > >
> > >> Funny. I had just written a column about why programmers cannot write
> > >> secure code:
> > >>
> > >> https://www.usenix.org/publications/login/dec15/farrow
> > >>
> > >> I used Venema and Bernstein as examples of the rare programmers who have
> > >> written secure code. And they make extensive use of simple modules, each
> > >> running with the minimal amount of privileges needed.
> > >
> > > I read the article, but I'm really very happy that there are two
> > > programmers who have written secure code, and they're using the same
> > > general principles. That means the principles can be taught, and you can
> > > make a general framework out of those. Make writing small sandboxed
> > > modules the easiest way to write code, and programmers will write secure
> > > code.
> > >
> > > Will.
> > >
> > > _______________________________________________
> > > langsec-discuss mailing list
> > > langsec-discuss@mail.langsec.org
> > > https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss