Re: [SC-L] Harvard vs. von Neumann

2007-06-15 Thread Kenneth Van Wyk
On Jun 14, 2007, at 3:51 PM, Gary McGraw wrote: I am in complete agreement with your thinking, which is why one of the touchpoints (and chapter 9 of Software Security is about operations. Ken knows more about this than any of us, but he's on a plane now...right Ken? Wow, I'd stop far

Re: [SC-L] Harvard vs. von Neumann

2007-06-13 Thread Gary McGraw
, June 11, 2007 05:50 PM Eastern Standard Time To: Gary McGraw Cc: Blue Boar; SC-L@securecoding.org Subject:Re: [SC-L] Harvard vs. von Neumann Gary McGraw wrote: Though I don't quite understand computer science theory in the same way that Crispin does, I do think it is worth

Re: [SC-L] Harvard vs. von Neumann

2007-06-12 Thread Crispin Cowan
Gary McGraw wrote: Though I don't quite understand computer science theory in the same way that Crispin does, I do think it is worth pointing out that there are two major kinds of security defects in software: bugs at the implementation level, and flaws at the design/spec level. I think

Re: [SC-L] Harvard vs. von Neumann

2007-06-12 Thread Steven M. Christey
On Mon, 11 Jun 2007, Crispin Cowan wrote: Gary McGraw wrote: Though I don't quite understand computer science theory in the same way that Crispin does, I do think it is worth pointing out that there are two major kinds of security defects in software: bugs at the implementation

Re: [SC-L] Harvard vs. von Neumann

2007-06-12 Thread Crispin Cowan
Steven M. Christey wrote: On Mon, 11 Jun 2007, Crispin Cowan wrote: Kind of. I'm saying that specification and implementation are relative to each other: at one level, a spec can say put an iterative loop here and implementation of a bunch of x86 instructions. I agree with this

Re: [SC-L] Harvard vs. von Neumann

2007-06-12 Thread Steven M. Christey
I agree with Ryan, at the top skill levels anyway. Binary reverse engineering seems to have evolved to the point where I refer to binary as source-equivalent, and I was told by some well-known applied researcher that some vulns are easier to find in binary than source. But the bulk of public

Re: [SC-L] Harvard vs. von Neumann

2007-06-12 Thread Blue Boar
Crispin Cowan wrote: Do you suppose it is because of the different techniques researchers use to detect vulnerabilities in source code vs. binary-only code? Or is that a bad assumption because the hax0rs have Microsoft's source code anyway? :-) I'm in the process of hiring an outside firm for

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread der Mouse
Like it or not, the Web doesn't work right without Javascript now. Depends on what you mean by the Web and work right. Fortunately, for at least some people's values of those, this is not true. /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread David Crocker
Crispin Cowen wrote: IMHO, all this hand wringing is for naught. To get systems that never fail requires total correctness. Turing tells us that total correctness is not decidable, so you simply never will get it completely, you will only get approximations at best. What Turing actually tells

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread Gary McGraw
/silverbullet blog www.cigital.com/justiceleague book www.swsec.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Crispin Cowan Sent: Monday, June 11, 2007 2:33 AM To: Blue Boar Cc: SC-L@securecoding.org Subject: Re: [SC-L] Harvard vs. von Neumann IMHO, all

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread der Mouse
What Turing actually tells us is that it is possible to construct programs that may be correct but whose correctness is not decidable. This is a far cry from saying that it is not possible to build well-structured programs whose correctness _is_ decidable. True as far as it goes - but don't

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread ljknews
At 9:00 AM -0400 6/11/07, Gary McGraw wrote: If we assumed perfection at the implementation level (through better languages, say), then we would end up solving roughly 50% of the software security problem. Clearly we need to make some progress at the architecture/design level to attain

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread David Crocker
der Mouse wrote: What Turing actually tells us is that it is possible to construct programs that may be correct but whose correctness is not decidable. This is a far cry from saying that it is not possible to build well-structured programs whose correctness _is_ decidable. True as far as

Re: [SC-L] Harvard vs. von Neumann

2007-06-11 Thread Blue Boar
der Mouse wrote: Like it or not, the Web doesn't work right without Javascript now. Depends on what you mean by the Web and work right. Fortunately, for at least some people's values of those, this is not true. Obviously, I'm oversimplifying. I claim that there are enough web sites that