Secure Coding mailing list archives
RE: SPI, Ounce Labs Target Poorly Written Code
From: "Peter Amey" <peter.amey () praxis-cs co uk>
Date: Tue, 29 Jun 2004 16:10:46 +0100
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Blue Boar Sent: 28 June 2004 21:35 To: Kenneth R. van Wyk Cc: [EMAIL PROTECTED] Subject: Re: [SC-L] SPI, Ounce Labs Target Poorly Written Code Kenneth R. van Wyk wrote:The article quotes SPI Dynamics' CTO as saying, "It doesn't require developers to learn aboutsecurity," whichstrikes me as being a rather bold statement.I seriously doubt that there is a programming language that can do anything useful that one can't do something stupid with. Never bet against the quality of idiots available in the world. :)
Always willing to rise to a challenge. But I'll cover my bets by slightly changing Blue Boar's words by adding "which wouldn't be obvious". I would assert that using SPARK it is very /hard/ to something stupid and /impossible/ to do something stupid that wouldn't be obvious to the SPARK Examiner tool. In fact, the only way I can think of doing so would be to construct a formal specification for stupidity and then correctly implement it (which is clearly feasible). The first part of your challenge "that can do anything useful" is proved by the existence of real, useful prgorams written in SPARK. Peter ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. The IT Department at Praxis Critical Systems can be contacted at [EMAIL PROTECTED] This footnote also confirms that this email message has been swept by MIMEsweeper for the presence of computer viruses. www.mimesweeper.com ********************************************************************** ________________________________________________________________________ This e-mail has been scanned for all viruses by Star Internet. The service is powered by MessageLabs. For more information on a proactive anti-virus service working around the clock, around the globe, visit: http://www.star.net.uk ________________________________________________________________________
Current thread:
- SPI, Ounce Labs Target Poorly Written Code Kenneth R. van Wyk (Jun 28)
- Re: SPI, Ounce Labs Target Poorly Written Code Blue Boar (Jun 29)
- Re: SPI, Ounce Labs Target Poorly Written Code Crispin Cowan (Jun 30)
- <Possible follow-ups>
- RE: SPI, Ounce Labs Target Poorly Written Code Peter Amey (Jun 29)
- RE: SPI, Ounce Labs Target Poorly Written Code ljknews (Jun 29)
- Re: SPI, Ounce Labs Target Poorly Written Code Blue Boar (Jun 29)
- Re: SPI, Ounce Labs Target Poorly Written Code James Walden (Jun 30)
- Re: SPI, Ounce Labs Target Poorly Written Code Blue Boar (Jun 29)