Re: [SC-L] Programming languages used for security

2004-07-12 Thread Crispin Cowan
David Crocker wrote: Crispin Cowan wrote: The above is the art of programming language design. Programs written in high-level languages are *precisely* specifications that result in the system generating the program, thereby saving time and eliminating coding error. You will find exactly those argu

Re: [SC-L] Programming languages used for security

2004-07-12 Thread ljknews
At 3:55 PM -0700 7/10/04, Crispin Cowan wrote: > However, I think I do see a gap between these extremes. You could have > a formal specification that can be mechanically transformed into a > *checker* program that verifies that a solution is correct, but cannot > actually generate a correct soluti

Re: [SC-L] Education and security -- another perspective (was "ACM Queue - Content")

2004-07-12 Thread Fernando Schapachnik
En un mensaje anterior, Blue Boar escribió: > Fernando Schapachnik wrote: > >I smell a discusion going nowhere. What is the point of teaching a > >languague? > >Teach them to program in a paradigm (better, in all of them, and give them > >the > >tools to make educated choices about which is bette

RE: [SC-L] Programming languages used for security

2004-07-12 Thread Peter Amey
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > Behalf Of ljknews > Sent: 12 July 2004 14:24 > To: [EMAIL PROTECTED] > Subject: Re: [SC-L] Programming languages used for security > > > At 3:55 PM -0700 7/10/04, Crispin Cowan wrote: > > > However, I think I

RE: [SC-L] Programming languages used for security

2004-07-12 Thread Jeremy Epstein
der Mouse is correct. I recall a product from the early 80s called "The Last One". There was an advertisement for the product on Prof Doug Comer's door when I was a grad student at Purdue... the claim was that this product made designing applications so simple that you'd never have to program aga

[SC-L] Secure Coding Themes

2004-07-12 Thread Blue Boar
So in all the discussions, I think I'm seeing several main themes: -Some holes are design or logic errors (possible in any language) -Some holes are failures to code safely in a given language (language specific; possibly addressable by switching to a "safer" language) -Some holes are harder to im

Re: [SC-L] Programming languages used for security

2004-07-12 Thread Jeff Williams
> To get REALLY back to the point, I'd like to comment on Fabien's comment > that "In my opinion, it's the most important things for a languages, > something to easily validate user input or to encrypt password are a must > have." Fabien is right, but increasingly that's only half the problem. > T