Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread der Mouse
Like it or not, the Web doesn't work right without Javascript now. Depends on what you mean by the Web and work right. Fortunately, for at least some people's values of those, this is not true. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML

Re: [SC-L] What's the next tech problem to be solved in software

2007-06-11 Thread Bennett, Jason
Lots of interesting points have been raised in this thread, so here are a few points I've picked out: - It's the developer's fault: A few comments were made that the lack of security lies at the door of the developers because they implement insecure code. True to an extent but I don't think you can blame

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread David Crocker
Crispin Cowan wrote: IMHO, all this hand wringing is for naught. To get systems that never fail requires total correctness. Turing tells us that total correctness is not decidable, so you simply never will get it completely, you will only get approximations at best. What Turing actually tells

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread Gary McGraw
Hi all, Though I don't quite understand computer science theory in the same way that Crispin does, I do think it is worth pointing out that there are two major kinds of security defects in software: bugs at the implementation level, and flaws at the design/spec level. I think Crispin is

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread der Mouse
What Turing actually tells us is that it is possible to construct programs that may be correct but whose correctness is not decidable. This is a far cry from saying that it is not possible to build well-structured programs whose correctness _is_ decidable. True as far as it goes - but don't

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread ljknews
At 9:00 AM -0400 6/11/07, Gary McGraw wrote: If we assumed perfection at the implementation level (through better languages, say), then we would end up solving roughly 50% of the software security problem. Clearly we need to make some progress at the architecture/design level to attain

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-11 Thread McGovern, James F (HTSC, IT)
The next problem to be solved is moving higher up the food chain by teaching architects secure architecture principles. Would love to see Gary McGraw tackle this subject in his next book... From: [EMAIL PROTECTED] on behalf of Kenneth Van Wyk Sent: Sun

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread David Crocker
der Mouse wrote: What Turing actually tells us is that it is possible to construct programs that may be correct but whose correctness is not decidable. This is a far cry from saying that it is not possible to build well-structured programs whose correctness _is_ decidable. True as far as

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread Blue Boar
der Mouse wrote: Like it or not, the Web doesn't work right without Javascript now. Depends on what you mean by the Web and work right. Fortunately, for at least some people's values of those, this is not true. Obviously, I'm oversimplifying. I claim that there are enough web sites that