provide an
operator to return the value of the limit, and an indexing operator (with
optional bounds checking). If you really must, you can even implement pointer
arithmetic operators for the class which update the limit at the same time as
updating the pointer.
David Crocker
Consultancy
to write specifications, verify them, and let
a code generator produce correct C++ from them; but that is another story.]
David Crocker
David Crocker
classes of embedded
applications].
David Crocker, Escher Technologies Ltd.
Kevin Wall wrote:
If a GENERAL PURPOSE programming language were designed from
scratch by someone who was both a security expert
), and the browser address bar
always shows the full URL of the current page.
David Crocker
. This is why in PD we have a
semantic distinction between specification and implementation, and you can't
write an implementation without having a specification to attach it to.
David Crocker, Escher Technologies Ltd.
themselves. Is it enough to look for violations of some invariants (rules)
without knowing how they happened?
The problem is that while you can enumerate the set of invariants that you
currently know are important, you don't know how the set may need to be expanded
in the future.
David Crocker
initialisation
rule. We have to generate dummy initialisations in such cases.
David Crocker, Escher Technologies Ltd.
vulnerability.
So the better approach is to design the program so that there can be no buffer
overflows; and then verify through proof (backed up by testing) that you have
achieved that goal.
David Crocker, Escher Technologies Ltd.
the password; if the password
is lost, it has to be reset to a new one.
David Crocker, Escher Technologies Ltd.
by way of return codes etc. to a point
at which some remedial action can be taken. Exceptions can certainly be misused,
but they are much better than the alternatives in many situations.
David Crocker, Escher Technologies Ltd.
be
tolerated.
However, I suspect that most security-critical programs do not fall into either
of these categories, so C# or Java would indeed be a better choice than C++ for
those programs.
David Crocker, Escher Technologies Ltd.
company provided one of the teams working on this problem, and we found
it is quite a challenge to prove the protocol correct by fully-automatic means.
Proofs that software is free from buffer overflows for all possible inputs are
almost trivial by comparison.
Regards
David Crocker, Escher Technologies
- but the same is
true of C programs. Poorly-performing programs can be written in either
language.
David Crocker, Escher Technologies Ltd.
case you might be able to make a case that the hardware cost saving outweighs
the higher cost and time to develop in C++ rather than Java or C#. Otherwise,
for application-level programming, Java or C# would generally be a more
productive choice.
Regards
David Crocker, Escher Technologies Ltd
- including its resistance to
hostile input. Until we do so, we will be doing little more than patching up
outdated technology.
David Crocker, Escher Technologies Ltd.
the stated requirements, as long as
these are well-defined.
David Crocker, Escher Technologies Ltd.
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
a development process that ensures that the finished software meets the
requirements.
David Crocker, Escher Technologies Ltd.
/SEFM07 for more details.
Regards,
David Crocker, Escher Technologies Ltd.
meant #ifdef FRED, the compiler doesn't warn you, and the conditional
may not be interpreted as was intended.
Best regards
David Crocker, Escher Technologies Ltd.