Secure Coding mailing list archives
Re: SPI, Ounce Labs Target Poorly Written Code
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 29 Jun 2004 20:24:09 +0100
Peter Amey wrote: I would assert that using SPARK it is very /hard/ to something stupid and /impossible/ to do something stupid that wouldn't be obvious to the SPARK Examiner tool. In fact, the only way I can think of doing so would be to construct a formal specification for stupidity and then correctly implement it (which is clearly feasible). To clarify, I'm talking about things like passing unfiltered user input to a system shell, or a native API, something like that. I wasn't neccessarily referring to blowing up your buffers, etc... If SPARK is designed to stop things like that, then I'll happily go and try to do something stupid in it... My basic point (which I probably made poorly) is that a language that keeps one from blowing up their buffers, getting their signs wrong, etc... won't help logic errors and bad design. I have nothing against "secure" languages, and I'd be happy to see them in wider use. I was just sceptical about these libraries under discussion that can keep someone from introducing security holes. BB
Current thread:
- SPI, Ounce Labs Target Poorly Written Code Kenneth R. van Wyk (Jun 28)
- Re: SPI, Ounce Labs Target Poorly Written Code Blue Boar (Jun 29)
- Re: SPI, Ounce Labs Target Poorly Written Code Crispin Cowan (Jun 30)
- <Possible follow-ups>
- RE: SPI, Ounce Labs Target Poorly Written Code Peter Amey (Jun 29)
- RE: SPI, Ounce Labs Target Poorly Written Code ljknews (Jun 29)
- Re: SPI, Ounce Labs Target Poorly Written Code Blue Boar (Jun 29)
- Re: SPI, Ounce Labs Target Poorly Written Code James Walden (Jun 30)
- Re: SPI, Ounce Labs Target Poorly Written Code Blue Boar (Jun 29)