Secure Coding mailing list archives
Re: SPI, Ounce Labs Target Poorly Written Code
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 29 Jun 2004 20:24:09 +0100
Peter Amey wrote:
I would assert that using SPARK it is very /hard/ to something stupid
and /impossible/ to do something stupid that wouldn't be obvious to
the SPARK Examiner tool. In fact, the only way I can think of doing
so would be to construct a formal specification for stupidity and
then correctly implement it (which is clearly feasible).
To clarify, I'm talking about things like passing unfiltered user input
to a system shell, or a native API, something like that. I wasn't
neccessarily referring to blowing up your buffers, etc...
If SPARK is designed to stop things like that, then I'll happily go and
try to do something stupid in it...
My basic point (which I probably made poorly) is that a language that
keeps one from blowing up their buffers, getting their signs wrong,
etc... won't help logic errors and bad design. I have nothing against
"secure" languages, and I'd be happy to see them in wider use. I was
just sceptical about these libraries under discussion that can keep
someone from introducing security holes.
BB
Current thread:
- SPI, Ounce Labs Target Poorly Written Code Kenneth R. van Wyk (Jun 28)
- Re: SPI, Ounce Labs Target Poorly Written Code Blue Boar (Jun 29)
- Re: SPI, Ounce Labs Target Poorly Written Code Crispin Cowan (Jun 30)
- <Possible follow-ups>
- RE: SPI, Ounce Labs Target Poorly Written Code Peter Amey (Jun 29)
- RE: SPI, Ounce Labs Target Poorly Written Code ljknews (Jun 29)
- Re: SPI, Ounce Labs Target Poorly Written Code Blue Boar (Jun 29)
- Re: SPI, Ounce Labs Target Poorly Written Code James Walden (Jun 30)
- Re: SPI, Ounce Labs Target Poorly Written Code Blue Boar (Jun 29)