Re: [SC-L] What's the next tech problem to be solved in software

2007-06-11 Thread Bennett, Jason
Lots of interesting points been raised in thread so here a few points I've picked out: - It's the developer's fault: A few comments were made that the lack of security lies at the door of the developers because they implement insecure code. True to an extent but I don't think you can blame

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-10 Thread Kenneth Van Wyk
First off, many thanks to all who've contributed to this thread. The responses and range of opinions I find fascinating, and I hope that others have found value in it as well. Great stuff, keep it coming. That said, I see us going towards that favorite of rat-holes here, namely the my

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-09 Thread der Mouse
Immunity from buffer overflows has been around for 30 years. The fact that some set of developers choose to ignore the languages that provide it does not make the next environment that provides it an improvement for the industry. I'd disagree - if it means a significant increase in people

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-09 Thread ljknews
At 8:33 AM -0400 6/9/07, der Mouse wrote: Immunity from buffer overflows has been around for 30 years. The fact that some set of developers choose to ignore the languages that provide it does not make the next environment that provides it an improvement for the industry. I'd disagree - if

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-08 Thread Stephen de Vries
On 8 Jun 2007, at 02:23, Steven M. Christey wrote: More modern languages advertise security but aren't necessarily catch-alls. At the same time, the improvements in security made by managed code (e.g. the JRE and .NET runtimes) for example, should not be understated. The fact that apps

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-08 Thread ljknews
At 9:53 AM +0200 6/8/07, Stephen de Vries wrote: On 8 Jun 2007, at 02:23, Steven M. Christey wrote: More modern languages advertise security but aren't necessarily catch-alls. At the same time, the improvements in security made by managed code (e.g. the JRE and .NET runtimes) for

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-08 Thread Leichter, Jerry
On Thu, 7 Jun 2007, Steven M. Christey wrote: | On Wed, 6 Jun 2007, Wietse Venema wrote: | | more and more people, with less and less experience, will be | programming computer systems. | | The challenge is to provide environments that allow less experienced | people to program computer

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-07 Thread Steven M. Christey
On Wed, 6 Jun 2007, Wietse Venema wrote: more and more people, with less and less experience, will be programming computer systems. The challenge is to provide environments that allow less experienced people to program computer systems without introducing gaping holes or other unexpected

Re: [SC-L] What's the next tech problem to be solved in software

2007-06-07 Thread bugtraq
On Wed, 6 Jun 2007, Wietse Venema wrote: more and more people, with less and less experience, will be programming computer systems. The challenge is to provide environments that allow less experienced people to program computer systems without introducing gaping holes or other

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-07 Thread Benjamin Livshits
I've recently been working on providing better secure programming defaults. There's a great opportunity for doing so for applications written on top of frameworks/libraries. See our paper Towards Security by Construction for Web 2.0 Applications at a recent W2SP workshop. -Ben On 6/7/07,

[SC-L] What's the next tech problem to be solved in software security?

2007-06-06 Thread Kenneth Van Wyk
Hi SC-L, [Hmmm, this didn't make it out to the list as I'd expected, so here's a 2nd try. Apologies for any duplicates. KRvW] At the SC-L BoF sessions held to date (which admittedly is not exactly a huge number, but I'm doing my best to see them continue), I like to ask those that attend

Re: [SC-L] What's the next tech problem to be solved in software security?

2007-06-06 Thread Michael Silk
you've got a few questions there ... i'll answer the first one. i might copy the suggestion from someone [i can't remember who at the moment] who suggested the next step in programming in-general is more parallel programs [in order to increase speed]. this is obviously complicated and will create