Secure Coding mailing list archives
BSIMM: Confessions of a Software SecurityAlchemist(informIT)
From: fw at deneb.enyo.de (Florian Weimer)
Date: Sat, 21 Mar 2009 18:32:59 +0100
* Steven M. Christey:
Two areas that don't seem to immediately lend themselves to design/spec level solutions are (1) transitive trust and (2) interaction errors between multiple components that are all working correctly. I'd love to hear from people who've had to solve these problems in the real world. Based on what I see in CVE, it seems that the answer for item 2 is usually for one component to choose to conform to another's expectations, and that conforming component isn't always the one that "should" be changed.
The really hard things under (2), like the Java/firewall issue, are not fixed at all. Subsequent designs may address it (Silverlight) or not (Flash, post-FTP firewall helpers). The + + + A T H 0 problem is in this category, too. It seems to me that many of those things are, in some sense, layering violations, where one party attaches meaning to properties at a wholly different layer. For instance, the cluster of AS4_PATH issues (which we can't afford not fixing, I think) stems from the fact that BGP has both a message transport layer, and a message semantics layer (much like RFC 821 vs RFC 822). This view is not yet universally shared, though.