> Der Mouse is barking up the right rathole.

:-)  That's a lovely mangled metaphor.  And, thanks for the kind words;
I'm glad to see I'm not totally out to lunch.  (I haven't been at this
for as long as you have - you write "from 1965 to 1969", during which
time I was at most five years old - and it's good to get confirmation
of some of what I think I've learnt.)

> No software was written until there was an approved specification,
> with well defined interfaces and exception conditions

And here you come close, I believe, to one of the reasons this kind of
security architecture is not more done.

This kind of coding - heck, even just writing good specifications - is
hard work, work that comparatively few people are competent to do.  In
all my years at this, I can count the number of times I've seen a
really well-defined specification on the fingers of one hand.  (The
case I usually cite is the VAX Architecture Reference Manual, which is
carful to call out all the cases where the behaviour is UNDEFINED or
UNPREDICTABLE, those being technical terms defined early in the
document, and to cover every possibility with defined behaviour or one
of those.)  Almost everything has holes, cases where the spec is
silent; this is not the way to produce solid designs.  In many cases a
shaky design is no big problem (so your solitaire game crashes now and
then, so what?).  But in other cases it can be quite disastrous, with
the kind of consequences everyone here surely knows far too much about.

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
Secure Coding mailing list (SC-L)
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to