Secure Coding mailing list archives

Compilers

From: ljknews at mac.com (ljknews)
Date: Thu, 21 Dec 2006 11:19:14 -0500

At 10:30 AM -0500 12/21/06, McGovern, James F (HTSC, IT) wrote:

Content-class: urn:content-classes:message
Content-Type: multipart/alternative;
      boundary="----_=_NextPart_001_01C72514.FE7A042C"

I have been noodling the problem space of secure coding after attending a
wonderful class taught by Ken Van Wyk. I have been casually checking out
Fortify, Ounce Labs, etc and have a thought that this stuff should really
be part of the compiler and not a standalone product. Understanding that
folks do start companies to make up deficiencies in what large vendors
ignore, how far off base in my thinking am I?


Isn't the whole basis of Spark a matter of adding proof statements in
the comments ?  I don't think the general compiler marketplace would
go for that built-in to compilers.  After all:

        1. The Praxis implementation can be used with multiple compilers

        2. The compiler market is so immature that some people are still
           using C, C++ and Java.

But for the high-integrity market, Spark seems to fit the bill.
-- 
Larry Kilgallen

Current thread:

PHP security under scrutiny Kenneth Van Wyk (Dec 19)
- PHP security under scrutiny J. M. Seitz (Dec 19)
- Compilers McGovern, James F (HTSC, IT) (Dec 21)
  - Compilers Gunnar Peterson (Dec 21)
    - Compilers McGovern, James F (HTSC, IT) (Dec 21)
    - Compilers J. M. Seitz (Dec 21)
    - Compilers ljknews (Dec 21)
  - Compilers ljknews (Dec 21)
    - Compilers Stephen de Vries (Dec 21)
    - Compilers James Walden (Dec 22)
    - Compilers Crispin Cowan (Dec 25)
    - Compilers Florian Weimer (Dec 29)
  - Compilers Temin, Aaron L. (Dec 21)
  - Compilers Robert C. Seacord (Dec 21)