Secure Coding mailing list archives

RE: Security Standard Branding & Expectation Checklists


From: "David Crocker" <dcrocker () eschertech com>
Date: Sat, 10 Jan 2004 14:51:28 +0000

Crispin Cowan wrote:

> This is what the old Orange Book standard did, and kind of what the
> Common Criteria does today. For 6 or 7 digits of money, various labs
> will certify that your product complied with those well-established
> software development methods, and provides certain mandatory features
> such as audit logging. None of which prevents you from having a remotely
> exploitable buffer overflow on day 1 after certification is granted and
> your product is released.

A software development process that admits ANY sort of buffer overflow attack is
seriously broken, IMO. You don't even need formal methods to avoid buffer
overflows, just good defensive programming practice.

Buffer overflow attacks are so easy to prevent that I think any so-called
software engineer who writes code that suffers from such a vulnerability
deserves to be found guilty of negligence.

David Crocker
Escher Technologies Ltd.
www.eschertech.com
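As an added illustration of the point made in this post (example code, not part of the original message and not code from Escher Technologies), here is a fixed-buffer copy routine in the careless form that certification does not catch, beside the defensive form that makes the overflow impossible; NAME_MAX, copy_name_careless and copy_name_checked are names chosen for this example.

```c
/* Added example, not code from the original thread: the same "copy a
 * user-supplied name into a fixed-size buffer" routine written carelessly
 * and then with the defensive checks the post has in mind. */
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* room for 15 characters plus the terminating NUL */

/* Careless version: the destination size is not part of the interface and
 * nothing is checked, so any input of NAME_MAX bytes or more writes past the
 * end of dst (undefined behaviour, the classic stack buffer overflow).
 * Returns 0 only so both versions share a signature. */
int copy_name_careless(char *dst, const char *src)
{
    strcpy(dst, src);
    return 0;
}

/* Defensive version: the caller passes the destination size, the input
 * length is established with a bounded scan before a single byte is written,
 * and oversize input is rejected outright instead of silently truncated
 * (truncation is its own bug class: it can drop a character that a later
 * check depends on). Returns 0 on success, -1 if the input does not fit. */
int copy_name_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    /* memchr stops at the first NUL and never looks beyond dst_size bytes,
     * so an unterminated or overlong input is detected without reading out
     * of bounds either. */
    const char *nul = memchr(src, '\0', dst_size);
    if (nul == NULL)                  /* no terminator within dst_size: too long */
        return -1;
    memcpy(dst, src, (size_t)(nul - src) + 1);   /* copies the NUL too */
    return 0;
}

int main(void)
{
    char name[NAME_MAX];
    /* constructed inputs: 5, 15 and 16 characters respectively */
    const char *inputs[] = { "alice", "0123456789abcde", "0123456789abcdef" };
    for (size_t i = 0; i < 3; i++) {
        int rc = copy_name_checked(name, sizeof name, inputs[i]);
        printf("%-18s -> %s\n", inputs[i], rc == 0 ? name : "rejected");
    }
    return 0;
}
```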
