At 1:00 PM -0700 3/25/09, Andy Steingruebl wrote: > On Wed, Mar 25, 2009 at 10:18 AM, ljknews ><<mailto:ljkn...@mac.com>ljkn...@mac.com> wrote: > > > Worry about enforcement by the hardware architecture after > you have squeezed out all errors that can be addressed by > software techniques.\ > > > Larry, > > Given the focus we've seen fro Microsoft and protecting developers from > mistakes through things like DEP, ASLR, SEH, etc. why do you think that > these can't be done in parallel?
I don't know any of those acronyms, and I have very little to do with Microsoft. The last software of theirs I bought was Microsoft Word V5.1a, the last one _before_ they introduced Macro viruses. >I mean, we used to not have Virtual >Memory or real MMUs and the developer had to make sure they didn't step on >other people's pages. Hardware support for protection on pages has helped >with a lot of things right? Yes, but for me that was prior to 1978, and the benefit of hardware protection pales by comparison to the benefit of not programming everything in assembly language. > I'm not saying I'm holding out hope for hardware to solve all our >problems (that would be silly) but I do think it can be fairly useful for >some classes of problems and a lot more scalable/repeatable. >Practical >right now, no. But we're sort of in the realm of fantasy in this >discussion already if we think the general mass of people writing software >are going to switch languages because certain ones are more reliable.... I don't expect programmers to make that decision - I expect astute management to make that decision (wherever astute management happens to surface). Management has a lot easier time changing languages than changing hardware architectures. Sometimes the hardware is even dictated by the customer (such as when trying to sell into a particular market). -- Larry Kilgallen _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________