* der Mouse:

>>> Absolute security is a myth.  As is designing absolutely secure
>>> software.
>
>> I have high hopes in formal methods.
>
> All formal methods do is push bugs around.  Basically, you end up
> writing in a higher-level language (the spec you are formally verifying
> the program meets).  You are then subject to the bugs present in *that*
> "program" (the spec) and the bugs present in the "compiler" (the formal
> verifier).

But people are forced to spend more time with the code, which
generally helps them (in particular smart people) to eradicate bugs.
Another way to achieve the same thing is to freeze the code base and
let it mature over decades, but I don't see the business model for
that.
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to