RE: [SC-L] Missing the point?

2004-04-21 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Pascal Meunier > Sent: 20 April 2004 20:00 > To: Michael A. Davis > Cc: [EMAIL PROTECTED] > Subject: Re: [SC-L] Missing the point? > > [snip] > However, the PSP and > TSP seem to > be working well

RE: [SC-L] Anyone looked at security features of D programming language compared to Spark?

2004-04-23 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Jim & Mary Ronback > Sent: 22 April 2004 19:57 > To: Greenarrow 1 > Cc: Kenneth R. van Wyk; [EMAIL PROTECTED]; James Walden; > Rod Chapman > Subject: [SC-L] Anyone looked at security features of D progr

RE: [SC-L] opinion, ACM Queue: Buffer Overrun Madness

2004-06-09 Thread Peter Amey
der Mouse (Maus surely?) wrote [snip] > > Well, actually, but for the world's addiction to sloppy coding. > > It's entirely possible to avoid buffer overflows in C; it > just requires > a little care in coding. C's major failing in this regard - and I > don't actually consider it all that majo

RE: [SC-L] SPI, Ounce Labs Target Poorly Written Code

2004-06-29 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Blue Boar > Sent: 28 June 2004 21:35 > To: Kenneth R. van Wyk > Cc: [EMAIL PROTECTED] > Subject: Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code > > > Kenneth R. van Wyk wrote: > > The article qu

RE: [SC-L] ACM Queue article and security education

2004-07-01 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Michael S Hines > Sent: 30 June 2004 17:00 > To: [EMAIL PROTECTED] > Subject: RE: [SC-L] ACM Queue article and security education > > > If the state of the art in automobile design had progressed >

RE: [SC-L] ACM Queue article and security education

2004-07-02 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Blue Boar > Sent: 01 July 2004 21:03 > To: ljknews > Cc: [EMAIL PROTECTED] > Subject: Re: [SC-L] ACM Queue article and security education > > > ljknews wrote: > > I think it will be properly consider

RE: [SC-L] ACM Queue article and security education

2004-07-02 Thread Peter Amey
> -Original Message- > From: Blue Boar [mailto:[EMAIL PROTECTED] > Sent: 01 July 2004 17:11 > To: Peter Amey > Cc: [EMAIL PROTECTED] > Subject: Re: [SC-L] ACM Queue article and security education > > > Peter Amey wrote: > > There are language

RE: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-08 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Crispin Cowan > Sent: 07 July 2004 23:29 > To: ljknews > Cc: [EMAIL PROTECTED] > Subject: Re: [SC-L] Education and security -- another perspective (was > "ACM Queue - Content") > > > ljknews wrote: >

RE: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-08 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of der Mouse > Sent: 08 July 2004 03:47 > To: [EMAIL PROTECTED] > Subject: Re: [SC-L] Education and security -- another perspective (was > "ACM Queue - Content") > > > > I see both of you willing to man

RE: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-09 Thread Peter Amey
> -Original Message- > From: Crispin Cowan [mailto:[EMAIL PROTECTED] > Sent: 09 July 2004 04:27 > To: Peter Amey > Cc: ljknews; [EMAIL PROTECTED] > Subject: Re: [SC-L] Education and security -- another perspective (was > "ACM Queue - Content") > >

RE: [SC-L] Programming languages used for security

2004-07-12 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of ljknews > Sent: 12 July 2004 14:24 > To: [EMAIL PROTECTED] > Subject: Re: [SC-L] Programming languages used for security > > > At 3:55 PM -0700 7/10/04, Crispin Cowan wrote: > > > However, I think I

RE: [SC-L] Programming languages -- the "third rail" of secure coding

2004-07-21 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Michael S Hines > Sent: 20 July 2004 14:17 > To: [EMAIL PROTECTED] > Subject: RE: [SC-L] Programming languages -- the "third rail" > of secure > coding > > > I've been compiling a list of programmin

RE: [SC-L] Programming languages -- the "third rail" of secure coding

2004-08-02 Thread Peter Amey
[snip] > > As engineers, we need "good enough", not perfection. > We also need: (1) To recognise when things aren't "good enough" (2) To have a migration path to "better" Peter ** This email and any files transmitted with

RE: [SC-L] How do we improve s/w developer awareness?

2004-12-05 Thread Peter Amey
[snip] > > Remember that little incident in 2000 when the London > millennium bridge was > closed immediately after opening due to excessive wobbling when people > walked across it? I can't guarantee that my recollection is > accurate, but > I'm sure they were trying to put this down to that s

RE: [SC-L] Theoretical question about vulnerabilities

2005-04-12 Thread Peter Amey
o defects found. Since it was also cheaper than the system it replaced, this does at least suggest that more formal approaches are practical. regards Peter Peter Amey BSc ACGI CEng MRAeS Chief Technical Officer direct: +44 (0) 1225 823761 mobile: +44

RE: [SC-L] Theoretical question about vulnerabilities

2005-04-13 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of der Mouse > Sent: 12 April 2005 05:15 > To: SC-L@securecoding.org > Subject: Re: [SC-L] Theoretical question about vulnerabilities > > > > [B]uffer overflows can always be avoided, because if there is A

RE: [SC-L] Theoretical question about vulnerabilities

2005-04-17 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of Crispin Cowan > Sent: 15 April 2005 20:58 > To: David Crocker > Cc: SC-L@securecoding.org > Subject: Re: [SC-L] Theoretical question about vulnerabilities > > > David Crocker wrote: > > >Well, that

Re: [SC-L] Cost of provably-correct code

2006-08-03 Thread Peter Amey
[Re-send, I am not sure the first copy made it to the list] > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] ] On Behalf Of Crispin Cowan > Sent: 21 July 2006 18:45 > To: mikeiscool > Cc: SC-L@securecoding.org > Subject: Re: [SC-L] bump

Re: [SC-L] How can we stop the spreading insecure coding examples at training classes, etc.?

2006-08-31 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tim Hollebeek > Sent: 30 August 2006 18:23 > To: 'Wall, Kevin'; SC-L@securecoding.org > Subject: Re: [SC-L] How can we stop the spreading insecure > coding examples at training classes, etc.? > > >

Re: [SC-L] Why Shouldn't I use C++?

2006-11-01 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Robert C. Seacord > Sent: 01 November 2006 10:16 > To: Ben Corneau > Cc: SC-L@securecoding.org > Subject: Re: [SC-L] Why Shouldn't I use C++? > > Ben, > > I would not go so far as to say never use

Re: [SC-L] Compilers

2007-01-02 Thread Peter Amey
[snip] > Isn't the whole basis of Spark a matter of adding proof > statements in the comments ? I don't think the general > compiler marketplace would go for that built-in to compilers. > After all: > > 1. The Praxis implementation can be used with multiple compilers > > 2. Th

Re: [SC-L] Compilers

2007-01-02 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of ljknews > Sent: 02 January 2007 14:20 > To: Secure Coding > Subject: Re: [SC-L] Compilers > > At 2:18 PM + 1/2/07, Peter Amey wrote: > > [snip] > >

Re: [SC-L] Tools: Evaluation Criteria

2007-05-22 Thread Peter Amey
em to have any "deep" criteria. I guess at some level, choosing any tool will move the needle, but investments really should be longer term. [PNA] Agreed Peter --

Re: [SC-L] Tools: Evaluation Criteria

2007-05-23 Thread Peter Amey
70% of square windows but miss others and produce false alarms in yet other cases. Buffer overflows are the square windows of secure software: we shouldn't be /scanning/ for them but using languages and tools that /prevent/ their introduction. Regards Peter ------

Re: [SC-L] Tools: Evaluation Criteria

2007-05-24 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Wall, Kevin > Sent: 24 May 2007 12:45 > To: McGovern, James F (HTSC, IT) > Cc: SC-L@securecoding.org > Subject: Re: [SC-L] Tools: Evaluation Criteria > > James McGovern wrote... > > > Maybe folks a

Re: [SC-L] But what proof do we have that any of it makes a difference?

2007-06-26 Thread Peter Amey
> You might find some useful evidence here: http://www.praxis-his.com/pdfs/issse2006tokeneer.pdf The NSA were certainly impressed with benefits of a rigorous engineering approach to software development. Peter Peter Amey BSc ACGI CEng C