Secure Coding mailing list archives

RE: Security Standard Branding & Expectation Checklists


From: "David Crocker" <dcrocker () eschertech com>
Date: Sat, 10 Jan 2004 14:54:37 +0000

Crispin Cowan wrote:


>>
*Everyone* was hoping for a less expensive process, but finding one that
is effective has been problematic. Security assurance is a *hard*
problem. In the general case it reduces to solving Turing's Halting
Problem, so it is going to be uncomfortable forever.
<<

Although total security assurance is a hard problem, some sorts of security
assurance (e.g. freedom from buffer overflow vulnerabilities) are easy and
inexpensive to achieve, if the right development approach is taken and they are
goals from the start.

Part of the reason why Windows and Linux are plagued with security
vulnerabilities is that sloppy coding practices were used; but I suspect that at
the time that most of the code was written, virus and worm attacks were not the
serious threat that they are now.

David Crocker
Escher Technologies Ltd.
www.eschertech.com








