Secure Coding mailing list archives
Re: Re: Application Insecurity --- Who is at Fault?
From: ljknews <ljknews () mac com>
Date: Tue, 12 Apr 2005 15:49:54 +0100
At 4:21 PM -0400 4/11/05, Dave Paris wrote:
Joel Kamentz wrote:Re: bridges and stuff. I'm tempted to argue (though not with certainty) that it seems that the bridge analogy is flawed in another way -- that of the environment. While many programming languages have similarities and many things apply to all programming, there are many things which do not translate (or at least not readily). Isn't this like trying to engineer a bridge with a brand new substance, or when the gravitational constant changes? And even the physical disciplines collide with the unexpected -- corrosion, resonance, metal fatigue, etc. To their credit, they appear far better at dispersing and applying the knowledge from past failures than the software world.Corrosion, resonance, metal fatigue all have counterparts in the software world. glibc flaws, kernel flaws, compiler flaws. Each of these is an outside influence on the application - just as environmental stressors are on a physical structure.
Corrosion and metal fatigue actually get worse as time goes on. Software flaws correspond more to resonance, where there is a defect in design or implementation. -- Larry Kilgallen
Current thread:
- RE: Application Insecurity --- Who is at Fault?, (continued)
- RE: Application Insecurity --- Who is at Fault? Michael S Hines (Apr 06)
- Re: Application Insecurity --- Who is at Fault? Jeff Williams (Apr 06)
- Re: Application Insecurity --- Who is at Fault? Michael Silk (Apr 06)
- Re: Application Insecurity --- Who is at Fault? Jeff Williams (Apr 06)
- Re: Application Insecurity --- Who is at Fault? Michael Silk (Apr 06)
- Re: Application Insecurity --- Who is at Fault? Michael Silk (Apr 06)
- Re: Re: Application Insecurity --- Who is at Fault? Dave Paris (Apr 11)
- Re: Re: Application Insecurity --- Who is at Fault? ljknews (Apr 12)
- RE: Re: Application Insecurity --- Who is at Fault? ljknews (Apr 11)
- Re: Re: Application Insecurity --- Who is at Fault? Michael Silk (Apr 11)