RE: [SC-L] Interesting article on the adoption of Software Security

2004-06-11 Thread Michael S Hines
Environment (LE) before .NET come along. It all sort of runs together over time - it seems. Mike Hines --- Michael S Hines [EMAIL PROTECTED]

[SC-L] IBM OS Source Code

2004-06-11 Thread Michael S Hines
I was a bit wrong earlier.. IBM System Programming language was PL/X (not PL/M)... Here's a link to an older reference manual... http://www.bitsavers.org/pdf/ibm/360/pls/GC28-6794-0_PLSIIguideMay74.pdf Mike H. --- Michael S Hines [EMAIL PROTECTED]

RE: [SC-L] ACM Queue article and security education

2004-06-30 Thread Michael S Hines
platform interfaces. Aren't we introducing inherient security flaws in the process? Mike Hines --- Michael S Hines [EMAIL PROTECTED]

RE: [SC-L] ACM Queue article and security education

2004-07-01 Thread Michael S Hines
development has outpaced SW development - to the tune where we hardly notice the performance hit at all. After all, now fast can one person type (grin)? It's always a trade off... HW/SW. Mike Hines --- Michael S Hines [EMAIL PROTECTED] -Original Message

RE: [SC-L] How do we improve s/w developer awareness?

2004-12-02 Thread Michael S Hines
. There are plenty of problems to go around. (see the work done at Univ of Wisconsin - the Fuzz Testing project http://www.cs.wisc.edu/~bart/fuzz/fuzz.html ) Mike Hines --- Michael S Hines [EMAIL PROTECTED]

RE: [SC-L] Application Insecurity --- Who is at Fault?

2005-04-06 Thread Michael S Hines
Wonder what happens if we apply that same logic to building design or bridge design and contstruction? Those who don't place blame at the source are just trying to blame shift. Bad idea.. Mike Hines --- Michael S Hines [EMAIL PROTECTED] -Original

RE: [SC-L] Intel turning to hardware for rootkit detection

2005-12-13 Thread Michael S Hines
hardware (figuratively speaking). Just wondering... Mike Hines --- Michael S Hines [EMAIL PROTECTED] ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman

RE: [SC-L] Intel turning to hardware for rootkit detection

2005-12-14 Thread Michael S Hines
the original "smashguard" work was based entirely on Alpha chips. cheers, .mudge On Dec 13, 2005, at 15:19, Michael S Hines wrote: Doesn't a hardware 'feature' such as this lock software into a two-state model (user/priv)? Who's to say

FW: [SC-L] 4 Questions: Latest IE vulnerability, Firefox vs IE security, User vs Admin risk profile, and browsers coded in 100% Managed Verifiable code

2006-03-27 Thread Michael S Hines
Isn't it possible to break out of the sandbox even with managed code? (That is, can't managed code call out to unmanaged code, i.e. Java call to C++)? I was thinking this was documented for Java - perhaps for various flavors of .Net too? --- Michael S Hines

RE: [SC-L] Segments, eh Smithers?

2006-04-04 Thread Michael S Hines
Or consider the IBM Mainframe and z/OS Operating Systems - protected memory and paging together - also privileged programs vs. application programs, also prefetched programs vs loaded on demand programs. Mike Hines Mainframe Systems Programmer --- Michael S

[SC-L] Coding with errors in mind - a solution?

2006-08-30 Thread Michael S Hines
a simple structure that provides for errors would go a long way... If - then - else - on error Do - end - on error Let x = y - on error Let x = function() on error etc... The problem is writing code without thinking of the possible errors that might arise. This forces you to think about

Re: [SC-L] Retrying exceptions - was 'Coding with errors in mind'

2006-09-06 Thread Michael S Hines
can reclassify an error and report it back up, but you've got to get it in the loop. /snip -gp Quoting Michael S Hines [EMAIL PROTECTED]: That's a rather pragmatic view, isn't it? Perhaps if other language constructs are not used, they should be removed? OTOH - perhaps the fault

Re: [SC-L] Dr. Dobb's | The Truth About Software Security | January 20, 2007

2007-01-30 Thread Michael S Hines
are perfect either. There is only one way to get it right, yet so many ways to get it wrong. Mike Hines - Michael S Hines [EMAIL PROTECTED] _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kenneth Van Wyk Sent: Tuesday, January 30, 2007 5:25

Re: [SC-L] What defines an InfoSec Professional?

2007-03-09 Thread Michael S Hines
are not - are we? Mike Hines - Michael S Hines [EMAIL PROTECTED] ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http

[SC-L] FW: What's the next tech problem to be solved in softwaresecurity?

2007-06-06 Thread Michael S Hines
. - Michael S Hines [EMAIL PROTECTED] ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http

Re: [SC-L] Perspectives on Code Scanning

2007-06-07 Thread Michael S Hines
and that's the problem. the accountability for insecure coding should reside with the developers. it's their fault [mostly]. The customers have most of the power, but the security community has collectively failed to educate customers on how to ask for more secure software. There are pockets

[SC-L] The Specifications of the Thing

2007-06-12 Thread Michael S Hines
S Hines [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Crispin Cowan Sent: Monday, June 11, 2007 5:50 PM To: Gary McGraw Cc: SC-L@securecoding.org; Blue Boar Subject: Re: [SC-L] Harvard vs. von Neumann Gary McGraw wrote: Though I

Re: [SC-L] Insider threats and software

2007-08-16 Thread Michael S Hines
- which is another topic). Am I missing the point? Or are you thinking of something that checks message queues for proper semantics and syntax (since some OS's are message based and work from message queues)? M. - Michael S Hines [EMAIL PROTECTED] -Original