| >>>> Absolute security is a myth.  As is designing absolutely secure
| >>>> software.
| >> 
| >>> I have high hopes in formal methods.
| >> 
| >> All formal methods do is push bugs around...
| > 
| > But people are forced to spend more time with the code, which
| > generally helps them (in particular smart people) to eradicate bugs....
| Also, writing it twice with different languages, especially at different
| levels of abstraction, makes it less likely that the same bugs will appear
| in both.  You can choose the higher level language so that it has great
| expressive power exactly for the things that are a pain to capture and
| verify (and thus a source of bugs) in the lower-level language....
But always keep in mind a comment (allegedly, I've never actually
seen this) present at the top of something Don Knuth wrote:

        Be careful with this code.  I've only proved
        it correct, not actually tested it.

If Don Knuth can say that about code, the rest of us should be very
humble about our correctness proofs.
                                                        -- Jerry
Secure Coding mailing list (SC-L)
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
