At 10:30 AM -0500 12/21/06, McGovern, James F (HTSC, IT) wrote:

> I have been noodling the problem space of secure coding after attending a
> wonderful class taught by Ken Van Wyk. I have been casually checking out
> Fortify, Ounce Labs, etc. and have a thought that this stuff should really
> be part of the compiler and not a standalone product. Understanding that
> folks do start companies to make up deficiencies in what large vendors
> ignore, how far off base in my thinking am I?

Isn't the whole basis of Spark a matter of adding proof statements in the comments? I don't think the general compiler marketplace would go for that built-in to compilers. After all:

1. The Praxis implementation can be used with multiple compilers
2. The compiler market is so immature that some people are still using C, C++ and Java.

But for the high-integrity market, Spark seems to fit the bill.

--
Larry Kilgallen
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________