Karen Goertzel wrote...
> I'm more devious. I think what needs to happen is that we
> need to redefine what we mean by "functionally correct" or
> "quality" code. If determination of functional correctness
> were extended from "must operate as specified under expected
> conditions" to "must operate as specified under all
> conditions", functional correctness would necessarily require
> security, safety, fault tolerance, and all those other good
> things that make software dependable instead of just correct.
Except, unfortunately, as an industry / profession, we can't even get the far-simpler (IMO) _functional correctness_ right, let alone (so-called) "non-functional" issues such as security, safety, fault tolerance, etc. (Mathematical rigor and proof-of-correctness aside, but in many [most?] cases that's not practical, and even if it were, most programmers' brains turn to mathematical mush whenever they see any kind of correctness proof. Meaning that "it ain't going to happen" if it requires thinking. ;-)

In some regard, I think this holds things back. If we don't do a good job testing that the software does all that it's supposed to do under *ideal* conditions, how are we ever to expect developers and testers to test to make sure that the software doesn't do additional things that it's NOT supposed to do under less than ideal conditions? There's a reason why Ross Anderson and Roger Needham talked about "Programming Satan's Computer" (see http://www.cl.cam.ac.uk/~rja14/Papers/satan.pdf). [Yes, I'm aware that paper was about the correctness of distributed cryptographic protocols, but I think both Anderson and Needham would agree that the term "Programming Satan's Computer" applies more generally than just to that narrow aspect of security.]

Not that I'm advocating giving up, mind you. If the battle seems hopeless, perhaps we would see more progress if we were to address secure programming issues simply as a related aspect of program correctness. Why? Because the development community seems to be more willing to address those things. (Obviously, part of that is that many programming flaws are rather tangible and something that casual users can experience. Yeah! That's the ticket. Let's teach the general populace how to hack into systems! Pass out free "You've been pwnd!" T-shirts with every successful pwnage. Now *THAT* would be devious. ;-)

-kevin
---
Kevin W. Wall
Qwest Information Technology, Inc.
kevin.w...@qwest.com
Phone: 614.215.4788

"It is practically impossible to teach good programming to students that have had a prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration"
- Edsger Dijkstra, How do we tell truths that matter?
http://www.cs.utexas.edu/~EWD/transcriptions/EWD04xx/EWD498.html

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________