Secure Coding mailing list archives
RE: Security Standard Branding & Expectation Checklists
From: "David Crocker" <dcrocker () eschertech com>
Date: Sat, 10 Jan 2004 14:54:37 +0000
Crispin Cowan wrote:
> *Everyone* was hoping for a less expensive process, but finding one that is effective has been problematic. Security assurance is a *hard* problem. In the general case it reduces to solving Turing's Halting Problem, so it is going to be uncomfortable forever.

Although total security assurance is a hard problem, some sorts of security assurance (e.g. freedom from buffer overflow vulnerabilities) are easy and inexpensive to achieve, if the right development approach is taken and they are goals from the start.

Part of the reason why Windows and Linux are plagued with security vulnerabilities is that sloppy coding practices were used; but I suspect that at the time that most of the code was written, virus and worm attacks were not the serious threat that they are now.

David Crocker
Escher Technologies Ltd.
www.eschertech.com