> Sorry, but it is a fact. Yes, you can have provably correct code. Cost
> is approximately $20,000 per line of code. That is what the "procedures"
> required for correct code cost. Oh, and they are kind of super-linear,
> so one program of 200 lines costs more than 2 programs of 100 lines.
Someon
mikeiscool wrote:
> On 7/21/06, Dana Epp <[EMAIL PROTECTED]> wrote:
>
>>> yeah.
>>> but none of this changes the fact that it IS possible to write completely
>>> secure code.
>>>
>> And it IS possible that a man will walk on Mars someday. But it's not
>> practical or realistic in the soci
ware (ljknews)
> 8. Re: bumper sticker slogan for secure software (Dana Epp)
> 9. Re: bumper sticker slogan for secure software (John Wilander)
>
>
> --
>
> Message: 1
> Date: Thu, 20 Jul 2006 15:11:06
I've actually been using a secure software slogan for a few years, both in
teaching and in pitching business. It's taken from Howard and LeBlanc's
book "Writing Secure Code":
- Security features are not secure features -
The statement mesmerizes people and arguably needs a "necessarily" to be
more
On 7/21/06, Dana Epp <[EMAIL PROTECTED]> wrote:
> > yeah.
> > but none of this changes the fact that it IS possible to write
> completely secure code.
> > -- mic
>
> And it IS possible that a man will walk on Mars someday. But it's not
> practical or realistic in the society we live in today. I'm so
> What is important is that some magic formal tool could say that some
> code in language "A", where bug of type "k" is possible, is not
> equivalent to the version in language "B", where type "k" bugs are
> impossible, ergo you have found a type "k" bug (in the absence of any
> other bug in that s
>> You might want to read Thompson's classic "reflections on trusting
>> trust". www.acm.org/classics/sep95
> While that is always a good read, I'm not so sure it's that relevant
> anymore. There is a LOT of binary analysis going on these days.
Yes - but you're trusting your binary analysis tool
P]
http://silverstr.ufies.org/blog/
-Original Message-
From: mikeiscool [mailto:[EMAIL PROTECTED]
Sent: Thursday, July 20, 2006 3:25 PM
To: Wall, Kevin
Cc: Dana Epp; SC-L@securecoding.org
Subject: Re: [SC-L] bumper sticker slogan for secure software
> BTW, does anyone besides me think that
At 9:46 PM +0200 7/20/06, Florian Weimer wrote:
> * Pascal Meunier:
>
>> But it's true for stupid bugs like buffer overflows and format string
>> vulnerabilities, in which we're still swimming, and the proof is the fact
>> that those aren't possible in some languages.
>
> Could you name a few such
At 9:11 PM +0200 7/20/06, Florian Weimer wrote:
> Most things in this list are implemented in C or C++, but the problems
> are at such a high level that it's unlikely that a different choice of
> wildly different programming language would make a huge difference.
> If you look at lower-level bugs,
* Pascal Meunier:
> But it's true for stupid bugs like buffer overflows and format string
> vulnerabilities, in which we're still swimming, and the proof is the fact
> that those aren't possible in some languages.
Could you name a few such language implementations? 8-)
In most cases, the compone
On 7/20/06 3:11 PM, "Florian Weimer" <[EMAIL PROTECTED]> wrote:
> * Pascal Meunier:
>
>> Also, writing it twice with different languages, especially at different
>> levels of abstraction, makes it less likely that the same bugs will appear
>> in both.
>
> Algorithmic issues such as denial of
On 7/20/06 3:46 PM, "Florian Weimer" <[EMAIL PROTECTED]> wrote:
> * Pascal Meunier:
>
>> But it's true for stupid bugs like buffer overflows and format string
>> vulnerabilities, in which we're still swimming, and the proof is the fact
>> that those aren't possible in some languages.
>
> Coul
| Absolute security is a myth. As is designing absolutely secure
| software.
| >>
| >>> I have high hopes in formal methods.
| >>
| >> All formal methods do is push bugs around...
| >
| > But people are forced to spend more time with the code, which
| > generally helps them (in partic
ing for more of it and better ways
to do it. Now if you order a cat and needed a dog, nobody can help you.
Pascal
>
> -Original Message-
> From: Pascal Meunier [mailto:[EMAIL PROTECTED]
> Sent: Thu Jul 20 13:54:42 2006
> To: Florian Weimer; der Mouse
> Cc: SC-L@sec
* Pascal Meunier:
> Also, writing it twice with different languages, especially at different
> levels of abstraction, makes it less likely that the same bugs will appear
> in both.
Algorithmic issues such as denial of service attacks through
unbalanced binary trees or hash table collisions are pr
Gary McGraw wrote:
> And don't forget about the compiler you will no doubt have to use. Do you
> trust that?
>
> You might want to read Thompson's classic "reflections on trusting trust".
> www.acm.org/classics/sep95
>
> All your compilers are belong to us.
While that is always a good read,
lverbullet
book www.swsec.com
-Original Message-
From: Pascal Meunier [mailto:[EMAIL PROTECTED]
Sent: Thu Jul 20 13:54:42 2006
To: Florian Weimer; der Mouse
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] bumper sticker slogan for secure software
On 7/20/06 11:58 AM, "Flo
On 7/20/06 11:58 AM, "Florian Weimer" <[EMAIL PROTECTED]> wrote:
> * der Mouse:
>
Absolute security is a myth. As is designing absolutely secure
software.
>>
>>> I have high hopes in formal methods.
>>
>> All formal methods do is push bugs around. Basically, you end up
>> writing
Dana,
Regarding your remarks about writing perfectly secure code...
well put.
And your remarks about Ross Anderson...
> Ross Anderson once said that secure software engineering is about
> building systems to remain dependable in the face of malice, error,
> or mischance. I think he has something
* der Mouse:
>>> Absolute security is a myth. As is designing absolutely secure
>>> software.
>
>> I have high hopes in formal methods.
>
> All formal methods do is push bugs around. Basically, you end up
> writing in a higher-level language (the spec you are formally verifying
> the program mee
tal.com/silverbullet
book www.swsec.com
-Original Message-
From: Dana Epp [mailto:[EMAIL PROTECTED]
Sent: Thu Jul 20 12:14:54 2006
To: Andrew van der Stock
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] bumper sticker slogan for secure software
> yeah.
> but non
> yeah.
> but none of this changes the fact that it IS possible to write
completely secure code.
> -- mic
And it IS possible that a man will walk on Mars someday. But it's not
practical or realistic in the society we live in today. I'm sorry mic,
but I have to disagree with you here.
It is EXTREME
On 7/20/06, Andrew van der Stock <[EMAIL PROTECTED]> wrote:
> Actually, it is a myth.
>
> For every non-trivial system, there are business pressures on
> resourcing, deadlines, and acceptable quality (pick any two). Once a
> business has set their taste for risk, it makes no sense to spend say
> $1
>> Absolute security is a myth. As is designing absolutely secure
>> software.
> I have high hopes in formal methods.
All formal methods do is push bugs around. Basically, you end up
writing in a higher-level language (the spec you are formally verifying
the program meets). You are then subjec
Actually, it is a myth.
For every non-trivial system, there are business pressures on
resourcing, deadlines, and acceptable quality (pick any two). Once a
business has set their taste for risk, it makes no sense to spend say
$10m on security controls on a product and delay it for six months
On 7/18/06 11:45 AM, "Dana Epp" <[EMAIL PROTECTED]> wrote:
> Or perhaps less arrogance in believing "it won't sink".
>
> Absolute security is a myth. As is designing absolutely secure software.
I have high hopes in formal methods.
> It is a lofty goal, but one of an absolute that just isn't
On 7/19/06, Dana Epp <[EMAIL PROTECTED]> wrote:
> Or perhaps less arrogance in believing "it won't sink".
>
> Absolute security is a myth.
no it isn't. pretending it is a 'myth' is an attempt by sloppy
programmers and designers to explain away the reasons for their
applications failing.
> As is
well...
there's no possible definition...
unless programmers start thinking and acting in another way, and whoever
commissions the software respects and pays for the real value of it, and
users understand the value,
Secure Software is an Oxymoron
(there may be a reason why this has "moron" inside..
Dana Epp:
> Or perhaps less arrogance in believing "it won't sink".
Absolutely. Here's my $0.02:
secure software fails safely
Any non-trivial piece of software has defects. My challenge is not
to eliminate the last defect, but to make the system safe to use
(for some appropriate definiti
Best for older cars...
"My other car is a bit more secure"
Best for Volvos (or pick another high safety brand):
"I wish my finance systems are as safe as this car"
"Honk if you want secure software"
"Who has your data? Ask for secure software next time"
thanks,
Andrew
Or perhaps less arrogance in believing "it won't sink".
Absolute security is a myth. As is designing absolutely secure software.
It is a lofty goal, but one of an absolute that just isn't achievable as
threats change and new attack patterns are found. Designing secure
software is about attaining a
Or if not Toastmasters, Actors' Studio. :)
--
Karen Mercedes Goertzel, CISSP
Booz Allen Hamilton
703.902.6981
[EMAIL PROTECTED]
> -Original Message-
> Another useful thing would be if all engineers would enroll
> in Toastmasters, but that's another story. ;-)
>
> -Dave, Governor of T