First off, many thanks to all who've contributed to this thread. The
responses and range of opinions I find fascinating, and I hope that
others have found value in it as well. Great stuff, keep it coming.
That said, I see us going towards that favorite of rat-holes here,
namely the "my pr
At 8:33 AM -0400 6/9/07, der Mouse wrote:
>> Immunity from buffer overflows has been around for 30 years. The
>> fact that some set of developers choose to ignore the languages that
>> provide it does not make the next environment that provides it an
>> improvement for the industry.
>
> I'd disa
> Immunity from buffer overflows has been around for 30 years. The
> fact that some set of developers choose to ignore the languages that
> provide it does not make the next environment that provides it an
> improvement for the industry.
I'd disagree - if it means a significant increase in people
On Thu, 7 Jun 2007, Steven M. Christey wrote:
| On Wed, 6 Jun 2007, Wietse Venema wrote:
|
| > more and more people, with less and less experience, will be
| > "programming" computer systems.
| >
| > The challenge is to provide environments that allow less experienced
| > people to "program" compu
At 9:53 AM +0200 6/8/07, Stephen de Vries wrote:
> On 8 Jun 2007, at 02:23, Steven M. Christey wrote:
>>
>> More modern languages advertise security but aren't necessarily
>> catch-alls.
>
> At the same time, the improvements in security made by managed code
> (e.g. the JRE and .NET runtimes) fo
On 8 Jun 2007, at 02:23, Steven M. Christey wrote:
>
> More modern languages advertise security but aren't necessarily
> catch-alls.
At the same time, the improvements in security made by managed code
(e.g. the JRE and .NET runtimes) for example, should not be
understated. The fact that apps
I've recently been working on providing better secure programming
defaults. There's a great opportunity for doing so for applications
written on top of frameworks/libraries.
See our paper " Towards Security by Construction for Web 2.0
Applications" at a recent W2SP workshop.
-Ben
On 6/7/07, Stev
On Wed, 6 Jun 2007, Wietse Venema wrote:
> more and more people, with less and less experience, will be
> "programming" computer systems.
>
> The challenge is to provide environments that allow less experienced
> people to "program" computer systems without introducing gaping
> holes or other une
Kenneth Van Wyk:
> What do you think is the _next_ technological problem for the
> software security community to solve? PLEASE, let's NOT go down the
> rat hole of senior management buy-in, use [this language], etc. (In
> fact, be warned that I will /dev/null any responses in this thread
you've got a few questions there ... i'll answer the first one.
i might copy the suggestion from someone [i can't remember who at the
moment] who suggested the next step in programming in-general is more
parallel programs [in order to increase speed]. this is obviously
complicated and will create
10 matches
Mail list logo