Secure Coding mailing list archives

BSIMM: Confessions of a Software SecurityAlchemist(informIT)

From: steingra at gmail.com (Andy Steingruebl)
Date: Wed, 25 Mar 2009 13:00:11 -0700

On Wed, Mar 25, 2009 at 10:18 AM, ljknews <ljknews at mac.com> wrote:


Worry about enforcement by the hardware architecture after
you have squeezed out all errors that can be addressed by
software techniques.\



Larry,

Given the focus we've seen fro Microsoft and protecting developers from
mistakes through things like DEP, ASLR, SEH, etc. why do you think that
these can't be done in parallel?  I mean, we used to not have Virtual Memory
or real MMUs and the developer had to make sure they didn't step on other
people's pages.  Hardware support for protection on pages has helped with a
lot of things right?

I'm not saying I'm holding out hope for hardware to solve all our problems
(that would be silly) but I do think it can be fairly useful for some
classes of problems and a lot more scalable/repeatable.  Practical right
now, no.  But we're sort of in the realm of fantasy in this discussion
already if we think the general mass of people writing software are going to
switch languages because certain ones are more reliable....

- Andy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://krvw.com/pipermail/sc-l/attachments/20090325/dd8dcad1/attachment.html

Current thread:

The Importance of Type Safety, (continued)
- - - The Importance of Type Safety Brad Andrews (Mar 23)
    - The Importance of Type Safety Carl Alphonce (Mar 23)
    - The Importance of Type Safety AF (Mar 23)
    - The Importance of Type Safety Brad Andrews (Mar 23)
    - The Importance of Type Safety Jeremy Epstein (Mar 23)
    - The Importance of Type Safety AF (Mar 26)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Andy Steingruebl (Mar 24)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Gary McGraw (Mar 25)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Andy Steingruebl (Mar 25)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) ljknews (Mar 25)
    - Message not available
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Andy Steingruebl (Mar 25)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) ljknews (Mar 25)
    - BSIMM: Confessions of a Software Security Alchemist(informIT) Jim Manico (Mar 20)
    - BSIMM: Confessions of a Software Security Alchemist(informIT) Gary McGraw (Mar 20)
    - BSIMM: Confessions of a Software Security Alchemist (informIT) John Steven (Mar 20)
    - BSIMM: Confessions of a Software Security Alchemist(informIT) Tom Brennan - OWASP (Mar 20)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) Jim Manico (Mar 21)
    - BSIMM: Confessions of a Software SecurityAlchemist(informIT) John Steven (Mar 24)
    - BSIMM: Confessions of a Software Security Alchemist (informIT) Jim Manico (Mar 19)
    - BSIMM: Confessions of a Software Security Alchemist (informIT) Gary McGraw (Mar 19)
    - BSIMM: Confessions of a Software Security Alchemist (informIT) Jim Manico (Mar 19)

(Thread continues...)