Secure Coding mailing list archives
Re: [External] Re: SearchSecurity: Dynamism
From: "Goertzel, Karen [USA]" <goertzel_karen () bah com>
Date: Sun, 30 Aug 2015 23:14:01 +0000
Does anyone else remember "reference monitors"? What an old-fashioned idea. But they'd certainly solve a lot of problems. === Karen Mercedes Goertzel, CISSP, CSSLP Senior Lead Scientist Booz Allen Hamilton 703.698.7454 goertzel_karen () bah com "The hardest thing of all is to find a black cat in a dark room, especially if there is no cat." - Confucius ________________________________________ From: SC-L [sc-l-bounces () securecoding org] on behalf of Alfonso De Gregorio [adg () secyoure com] Sent: 28 August 2015 13:02 To: Johan Peeters Cc: Secure Code Mailing List Subject: [External] Re: [SC-L] SearchSecurity: Dynamism On Thu, Aug 20, 2015 at 8:20 PM, Johan Peeters <yo () johanpeeters com> wrote:
nice one, Gary. Finally something positive about agile and DevOps. A trick that you may have missed is immutable servers, see Docker and friends. They will be a leap forward for server security when they hit the mainstream.
Immutable servers are nice -- let's deploy them. Yet, in an execution environment where code is data and data is code, high assurance software will also require control-flow integrity in the face of malicious input. Or, what we would be left with are weird machines instantiated from disposable images. -- Alfonso _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________ _______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- SearchSecurity: Dynamism Gary McGraw (Aug 20)
- Re: SearchSecurity: Dynamism Johan Peeters (Aug 28)
- Re: SearchSecurity: Dynamism Alfonso De Gregorio (Aug 30)
- Re: [External] Re: SearchSecurity: Dynamism Goertzel, Karen [USA] (Sep 06)
- Re: SearchSecurity: Dynamism Alfonso De Gregorio (Aug 30)
- Re: SearchSecurity: Dynamism Johan Peeters (Aug 28)