Errors and problems

May. 28th, 2008 07:14 am
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Date: 2008-05-28 10:21 am (UTC)
From: [identity profile] phlebas.livejournal.com
That essay seems familiar - has it been around a while? I remember being somehow unconvinced that 'instead of patching software, we should just write it with no bugs or security holes in the first place!' is a viable solution.

Date: 2008-05-28 11:07 am (UTC)
From: [identity profile] ehrine.livejournal.com
Looking at the article, it has a 2005 date at the bottom of it. Thing is, most of the points are just as valid now as they were then.

Date: 2008-05-28 12:34 pm (UTC)
From: [identity profile] phlebas.livejournal.com
My point exactly :)

Date: 2008-05-28 05:41 pm (UTC)
From: [identity profile] sobrique.livejournal.com
There exist operating systems that implement levels of access control and reliablity that they're considered safe enough to run in classified environments. They're designed in a different way, and code has to be written very specifically to take account of this - your average app just won't work.

But if the need is enough, and someone's willing to pay, it can be done. I mean, it's just plain unacceptable to have a civil engineering project that's as flawed as some of the software on the market these days.

Date: 2008-05-28 10:30 am (UTC)
From: [identity profile] mister-jack.livejournal.com
Interesting stuff.

The white list vs. black list idea is actually quite strong I think; provided manual override is good.

Point 3 is off, here's the real reason software security is bad: it costs more money than it is commercially worth to build properly secure software.

Date: 2008-05-28 05:43 pm (UTC)
From: [identity profile] sobrique.livejournal.com
I think you're entirely correct. It's possible to make a really high grade of software in terms of integrity, but the amount of effort involved in doing so, and proving it so is extremely high. Until there's demand for it at a baseline, it's not going to happen.

Date: 2008-05-28 06:18 pm (UTC)
From: [identity profile] warmage.livejournal.com
From the first:

"Do you have hands-on experience with xyz from pdq.com? If so, I'm authorized to take you to dinner at Ruth's Chris if you promise to give me the low-down on the product off the record. Contact, etc..." The IT manager later told me that a $200 dinner expense saved them over $400,000 worth of hellish technological trauma.


fskin.
brilliant.

Date: 2008-05-28 06:37 pm (UTC)
From: [identity profile] sobrique.livejournal.com
It's the simple solutions that are often the most effective. And also the ones that are disallowed by corporate policy.
  • Add Memory
  • Share This Entry
Flat | Top-Level Comments Only

Profile

sobrique: (Default)
sobrique

December 2015

S M T W T F S
  12345
6789101112
13141516171819
20212223242526
2728 293031  

Most Popular Tags

Page Summary

Style Credit

Expand Cut Tags

No cut tags
Page generated Feb. 18th, 2026 06:39 am
Powered by Dreamwidth Studios