Firewall Wizards mailing list archives

Re: Proverbial appliance "Its software, Jim!"


From: Anton Aylward <aja () si on ca>
Date: 17 Oct 2002 07:19:40 -0400

On Mon, 2002-10-14 at 13:15, Marcus J. Ranum wrote:

Inside every "appliance" is an operating system. Inside
every ASIC or "embedded processor" is software. There's
really no difference other than the packaging. 

Wake up and smell the caffeine!
It's all software.
THAT'S IT!  End of Story.

All the heritage of s/w applies to "appliances".
 - Keep it small and simple
 - Test, test and test.
 - Limit the complexity.
If we can't learn that and apply it rigorously, what have we learnt?

We've got nearly 50 years of experience in what makes poor quality
(whatever your metric) software.  That same poor quality results in poor
security.  

It doesn't matter whether it's monolithic or modular, micro, pico or
nano-kernel, application or OS layer.  It's all software.
It doesn't matter whether you're coding in ASM, C++ or Euclid.  It
doesn't matter if your design tool is back-of-the-envelope or the best
that Rational has to offer.  You're still human and fallible.

Unless we learn from those basics and address them, all else that's said
on the subject is frippery.

And arguing about the need for "secure kernels" - whatever that may mean
- is moot if the application layers are swiss-cheese.
Go back through this list and see what else Marcus has to say on, for
example, SSL and VPN applications.

/anton

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

