Secure Coding mailing list archives
Compilers
From: ljknews at mac.com (ljknews)
Date: Thu, 21 Dec 2006 11:19:14 -0500
At 10:30 AM -0500 12/21/06, McGovern, James F (HTSC, IT) wrote:
I have been noodling the problem space of secure coding after attending a wonderful class taught by Ken Van Wyk. I have been casually checking out Fortify, Ounce Labs, etc. and have a thought that this stuff should really be part of the compiler and not a standalone product. Understanding that folks do start companies to make up deficiencies in what large vendors ignore, how far off base in my thinking am I?

Isn't the whole basis of Spark a matter of adding proof statements in the comments?

I don't think the general compiler marketplace would go for that built in to compilers. After all:

1. The Praxis implementation can be used with multiple compilers
2. The compiler market is so immature that some people are still using C, C++ and Java.

But for the high-integrity market, Spark seems to fit the bill.
--
Larry Kilgallen