Re: [SC-L] Tools: Evaluation Criteria

2007-05-24 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Wall, Kevin Sent: 24 May 2007 12:45 To: McGovern, James F (HTSC, IT) Cc: SC-L@securecoding.org Subject: Re: [SC-L] Tools: Evaluation Criteria James McGovern wrote... Maybe folks are still

Re: [SC-L] Tools: Evaluation Criteria

2007-05-23 Thread Peter Amey
other cases. Buffer overflows are the square windows of secure software: we shouldn't be /scanning/ for them but using languages and tools that /prevent/ their introduction. Regards Peter Peter Amey BSc ACGI CEng CITP MRAes FBCS CTO

Re: [SC-L] Tools: Evaluation Criteria

2007-05-22 Thread Peter Amey
criteria. I guess at some level, choosing any tool will move the needle, but investments really should be longer term. [PNA] Agreed Peter Peter Amey BSc ACGI

Re: [SC-L] Compilers

2007-01-02 Thread Peter Amey
[snip] Isn't the whole basis of Spark a matter of adding proof statements in the comments ? I don't think the general compiler marketplace would go for that built-in to compilers. After all: 1. The Praxis implementation can be used with multiple compilers 2. The

Re: [SC-L] Compilers

2007-01-02 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ljknews Sent: 02 January 2007 14:20 To: Secure Coding Subject: Re: [SC-L] Compilers At 2:18 PM + 1/2/07, Peter Amey wrote: [snip] We think so! However, like everything else

Re: [SC-L] Why Shouldn't I use C++?

2006-11-01 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Robert C. Seacord Sent: 01 November 2006 10:16 To: Ben Corneau Cc: SC-L@securecoding.org Subject: Re: [SC-L] Why Shouldn't I use C++? Ben, I would not go so far as to say never use C++. It

Re: [SC-L] How can we stop the spreading insecure coding examplesattraining classes, etc.?

2006-08-31 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Hollebeek Sent: 30 August 2006 18:23 To: 'Wall, Kevin'; SC-L@securecoding.org Subject: Re: [SC-L] How can we stop the spreading insecure coding examplesattraining classes, etc.? Really,

RE: [SC-L] Theoretical question about vulnerabilities

2005-04-13 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of der Mouse Sent: 12 April 2005 05:15 To: SC-L@securecoding.org Subject: Re: [SC-L] Theoretical question about vulnerabilities [B]uffer overflows can always be avoided, because if there is ANY input

RE: [SC-L] Programming languages used for security

2004-07-12 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of ljknews Sent: 12 July 2004 14:24 To: [EMAIL PROTECTED] Subject: Re: [SC-L] Programming languages used for security At 3:55 PM -0700 7/10/04, Crispin Cowan wrote: However, I think I do see a

RE: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-09 Thread Peter Amey
-Original Message- From: Crispin Cowan [mailto:[EMAIL PROTECTED] Sent: 09 July 2004 04:27 To: Peter Amey Cc: ljknews; [EMAIL PROTECTED] Subject: Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content) Peter Amey wrote: What is wrong

RE: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-08 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Crispin Cowan Sent: 07 July 2004 23:29 To: ljknews Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content) ljknews wrote: What is

RE: [SC-L] Education and security -- another perspective (was ACM Queue - Content)

2004-07-08 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of der Mouse Sent: 08 July 2004 03:47 To: [EMAIL PROTECTED] Subject: Re: [SC-L] Education and security -- another perspective (was ACM Queue - Content) I see both of you willing to mandate the

RE: [SC-L] ACM Queue article and security education

2004-07-02 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Blue Boar Sent: 01 July 2004 21:03 To: ljknews Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] ACM Queue article and security education ljknews wrote: I think it will be properly considered when the

RE: [SC-L] ACM Queue article and security education

2004-07-02 Thread Peter Amey
-Original Message- From: Blue Boar [mailto:[EMAIL PROTECTED] Sent: 01 July 2004 17:11 To: Peter Amey Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] ACM Queue article and security education Peter Amey wrote: There are languages which are more suitable for the construction

RE: [SC-L] ACM Queue article and security education

2004-07-01 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michael S Hines Sent: 30 June 2004 17:00 To: [EMAIL PROTECTED] Subject: RE: [SC-L] ACM Queue article and security education If the state of the art in automobile design had progressed as fast as

RE: [SC-L] SPI, Ounce Labs Target Poorly Written Code

2004-06-29 Thread Peter Amey
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Blue Boar Sent: 28 June 2004 21:35 To: Kenneth R. van Wyk Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code Kenneth R. van Wyk wrote: The article quotes SPI

RE: [SC-L] opinion, ACM Queue: Buffer Overrun Madness

2004-06-09 Thread Peter Amey
der Mouse (Maus surely?) wrote [snip] Well, actually, but for the world's addiction to sloppy coding. It's entirely possible to avoid buffer overflows in C; it just requires a little care in coding. C's major failing in this regard - and I don't actually consider it all that major - is