> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Tim Hollebeek
> Sent: 30 August 2006 18:23
> To: 'Wall, Kevin'; SC-L@securecoding.org
> Subject: Re: [SC-L] How can we stop the spreading insecure 
> coding examples at training classes, etc.?
> 
> 
> Really, the root of the problem is the fact that the simple 
> version is short and easy to understand, and the secure 
> version is five times longer and completely unreadable.  
> While there always is some additional complexity inherent in 
> a secure version, it is nowhere near as bad as current 
> toolkits make it seem.
> 

No, the root cause of the problem is the use of inadequate notations so
that we have to make secure versions 5 times as long in order to
overcome those inadequacies.  From my experience a typical secure SPARK
implementation (which we have proved to be free from buffer overflow,
numeric range violation etc.) is no longer or more complex than its
simple version.

Peter


_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
