> -----Original Message-----
> Behalf Of Blue Boar
> Sent: 01 July 2004 21:03
> To: ljknews
> Subject: Re: [SC-L] ACM Queue article and security education
> ljknews wrote:
> > I think it will be properly considered when the most strict portion
> > of the software world is using language X.   I have used many
> > programs where the flaws in the program make it clear that 
> I care not
> > one whit about whether the authors of that program have 
> opinion about
> > anything I might use. They are simply not competent, either as
> > individuals or else as an organization.
> By "most strict portion", do you mean people that care most about 
> correct code, proofs, and such?  I don't deny that the bulk 
> of the heavy 
> lifting will be done by people well-qualified to do so.  
> However, I'm of 
> the school of thought that certain types of people who like to break 
> things, and whose chief skill is breaking things, will always have a 
> decent shot at finding a problem.  There are people who 
> couldn't build 
> it, but they can sure break it.
> You don't typically get their attention until something is really, 
> really popular.  So yes, you can write your stuff in Language X, and 
> assume it's secure.  It might not actually be until the whole 
> world has 
> had its way with Language X, but (hopefully) that's not a 
> problem.  You 
> can still do the dance of patching the last 5 problems in Language X, 
> and end up better off that if you'd just used C.
> Even Knuth has to write checks ocassionally, and he does a 
> lot of proof 
> work, doesn't he?
> So, if Language X only has 5 problems total, even if it takes 
> years to 
> ferret them out, butthey are fixable, please proceed with getting the 
> whole world to use Language X.

I'm not entirely sure I follow this.  I _think_ you are saying: "since we can't be 
sure that X is perfect (because it might have 5 remaining flaws) then there is no 
point in adopting it".  You seem to be saying that it doesn't matter if X is 
_demonstrably_much_better_ than Y, if it is not perfect then don't change.  Have I got 
that right?

This is a variant on the Goedel gambit often used to attack formal verification.  It 
goes "since Goedel's Theorem places strict limits on what we can formalize and prove, 
let's not bother at all and just do a few unit tests instead".  It also reminds me of 
what I call the asprin analogy: "aspirin doesn't cure cancer so there's no point in 
taking it for headaches".

The reality is that demonstrable improvements in quality, safety and security can be 
achieved by using the right tools, languages and methods.  It is for those who choose 
_not_ to use the strongest engineering to justify their position not the other way 


This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.  The IT Department at Praxis Critical Systems can be contacted at 
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:

Reply via email to