If the state of the art in automobile design had progressed as fast as the
state of the art of secure programming - we'd all still be driving Model

  - System Development Methods have not solved the (security) problem -
though we've certainly gone through lots of them.
  - Languages have not solved the (security) problem - though we've
certainly gone through (and continue to go through) lots of them.
  - Module/Program/System testing has not solved the (security) problem -
though there has been a plethorea written about system testing (both white
box and black box).

And a question/comment/observation.
First the comment - As an IT Auditor we approach auditing in two stages -
first we look at general controls, and then application controls (won't go
into details here - there's information on this available elsewhere).  If
general controls are not in place, application controls are not relevant
(that is any application control can be circumvented due to weak general
Then the question - Why do we not subject computer operating systems (which
are a general control) to the same level of testing that we subject
And the observation - weaknesses in operting systems have been documented
(but not widely circulated) - yet we (as Sysadmins/users/auditors/security
experts - you pick) do not have a problem using faulty system software and
laying applications on top of them.  Why is that?     

And then a thought question - in message passing operating systems (those
that respond to external stimuli, or internal message queues) - if one can
inject messages into the processing queue, can't one in essence 'capture the
flag'?  Yet we see message passing systems as middleware (and OS core
technology in some cases) to facilitate cross platform interfaces.  Aren't
we introducing inherient security flaws in the process?     

Mike Hines
Michael S Hines

Reply via email to