-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/07/13 20:35, Maxim Kammerer wrote: > Writing secure software is relatively easy, and does not rely much > on abstraction layers or whatever OOP ideology is popular at the > moment. You just document each function' input/output, test it > somehow, and check input/output requirements when calling any other > function. The simpler, the better, it's not difficult.
This is contradicted by a mountain of evidence. The great majority of developers clearly don't find it easy to write secure software. If they did, we wouldn't see a constant stream of security patches for new and old software alike. Google and Mozilla wouldn't have to run competitions to find holes in their own browsers. There wouldn't be a multi-million-dollar 0day black market. It wouldn't be possible for the NSA (according to Snowden) to "simply own" the computer of any person of interest. Writing secure software is much, much harder than simply writing comments, writing tests and coding defensively. You might as well say that good government consists of wearing a suit, talking about laws, and remembering not to have wars or recessions. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJR28w5AAoJEBEET9GfxSfMLT8H/RUK16xsgpomruwd+qZx3hl6 endDibCLoMFL4zWiTtupOMLjxhyvziZFeLKzLb7HGjch9f8tXKG6SRb1PuedIEAd znZ8Myeg7somPbrdVnNQOHZycwIpYOpWRyo3ZLXl0enbv8H+RjfzVKB1NWmyvYLM p5PnRJJOtKcuvkXon00uomVe3yHJrbF0ra8D03btv2+AuOU7pHqk6a+OyYJQMlOy xFc4IAWVth8Z2MgfbQl0HGEvpdJbkwKWMJf1U8KfZHAr4IyrozGIAupBRRCGL88t P3xZyDUO36n14uG7x6aSUD2pTe534wmWyWTU8+ABqLiMduqK/p0L9tBdRZqWMG8= =5mEN -----END PGP SIGNATURE----- -- Too many emails? Unsubscribe, change to digest, or change password by emailing moderator at [email protected] or changing your settings at https://mailman.stanford.edu/mailman/listinfo/liberationtech
