Secure Coding mailing list archives
Functional Correctness
From: jim at manico.net (Jim Manico)
Date: Fri, 21 Aug 2009 16:28:20 -0400
We are approaching huge industry-wide application security critical mass for the first time. Now is the time to strike. If all we teach is input validation+canonicalization, query parameterization, and output encoding, we stop XSS and SQLi via education.

Jim Manico

On Aug 21, 2009, at 11:54 AM, Brad Andrews <andrews at rbacomm.com> wrote:
I completely agree, though how are we really going to reach this point? We have been talking about this at least since I got into development in the early 1980s. We are not anywhere closer, though we have lots of neat tools that do lots of neat stuff.

Unfortunately, our programs are also a lot more complicated, making the "correct" proof much more difficult. Can we really believe it is "just around the corner" to prove this?

--
Brad Andrews
RBA Communications
CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI

Quoting "Cassidy, Colin (GE Infra, Energy)" <colin.cassidy at ge.com>:

Martin Gilje Jaatun wrote:

Karen, Matt & all,

Goertzel, Karen [USA] wrote:

I'm more devious. I think what needs to happen is that we need to redefine what we mean by "functionally correct" or "quality" code.

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
_______________________________________________