Secure Coding mailing list archives

What's the next tech problem to be solved in software


From: bugtraq at cgisecurity.net (bugtraq at cgisecurity.net)
Date: Thu, 7 Jun 2007 21:10:05 -0400 (EDT)



On Wed, 6 Jun 2007, Wietse Venema wrote:

more and more people, with less and less experience, will be
"programming" computer systems.

The challenge is to provide environments that allow less experienced
people to "program" computer systems without introducing gaping
holes or other unexpected behavior.

I completely agree with this.  This is a grand challenge for software
security, so maybe it's not the NEXT problem.  There's a lot of tentative
work in this area - safe strings in C, SafeInt,
StackGuard/FormatGuard/etc., non-executable data segments, security
patterns, and so on.  But these are "bolt-on" methods on top of the same
old languages or technologies, and some of these require developer
awareness.  I know there's been some work in "secure languages" but I'm
not up-to-date on it.


You may find this interesting as this is a subject I feel strongly about myself.

http://www.qasec.com/cycle/securityframeworks.shtml

- Robert
http://www.cgisecurity.com/
http://www.qasec.com/


