IMO the real problem is that software developers are still focussed on programming, not on specification. We should leave programming to computers, instead of wasting money paying people to do it and hoping that the resulting system meets user requirements, including some semblance of security.
At 9:51 PM +0100 6/9/07, David Crocker wrote: If instead we pay people to perform the more skilled tasks of establishing requirements and specifying the systems to meet them, and use computers to generate programs that meet the specifications, then such things as freedom from buffer
ljknews, Yes, it is virtually impossible to get a serious runtime error in an Ada program. For example: http://www.youtube.com/watch?v=kYUrqdUyEpI rCs At 9:51 PM +0100 6/9/07, David Crocker wrote: If instead we pay people to perform the more skilled tasks of establishing requirements
First off, many thanks to all who've contributed to this thread. The responses and range of opinions I find fascinating, and I hope that others have found value in it as well. Great stuff, keep it coming. That said, I see us going towards that favorite of rat-holes here, namely the my
At 9:16 AM -0400 6/10/07, Robert C. Seacord wrote: ljknews, Yes, it is virtually impossible to get a serious runtime error in an Ada program. For example: http://www.youtube.com/watch?v=kYUrqdUyEpI It amazes me that someone in a discussion of software security would point to a page that
[Apologies for this reply being a bit behind the discussion - I originally submitted it from a different e-mail account than the one I subscribed with, and so it sailed off to /dev/null.] On Wed Jun 6 18:59 , Michael Silk [EMAIL PROTECTED] sent: On 6/7/07, McGovern, James F (HTSC, IT) [EMAIL
James, and all list, please accept my apologies for my bad English usage. Looking at your reply I understood I expressed my thoughts playing bad with words. By saying that vendors have to follow developer licensing, I intended that in my opinion it is good that vendors still build tools to aid developers not
Hi, I am working out a proposal on this OWASP Education track: http://www.owasp.org/index.php/Education_Track:_What_Developers_Should_Know_on_Web_Application_Security Assume this company that is convinced that they need to do something on web application security. They decide to send their