FW: What's the next tech problem to be solvedin softwaresecurity?

[ljknews at mac.com (ljknews)]

At 9:16 AM -0400 6/10/07, Robert C. Seacord wrote:
> ljknews,
>
> Yes, it is virtually impossible to get a serious runtime error in an Ada
> program.  For example:
>
> http://www.youtube.com/watch?v=kYUrqdUyEpI

It amazes me that someone in a discussion of software security would point
to a page that requires Javascript to be viewed.

But I see the topic of the page was Ariane 5, a well known case of running
software in an environment other than that specified in the design of the
software.

That is a management issue - my comments were about buffer overflows,
as were the comments of David Crocker which I quoted.  If you have
secret knowledge that the Ariane 5 failure was related to buffer
overflows, please share it.

Not reading what was going on, in fact, was the cause of the Ariene 5
failure.

> > At 9:51 PM +0100 6/9/07, David Crocker wrote:
> >
> >   
> > > If instead we pay people to perform the more skilled tasks of establishing
> > > requirements and specifying the systems to meet them, and use computers to
> > > generate programs that meet the specifications, then such things as freedom from
> > > buffer overflow come free of charge. By "freedom" here, I don't mean the sort of
> > > freedom that comes in "safe" languages such as Ada and Java - in which the
> > > buffer overflow raises an exception, probably requiring a restart of the
> > > subsystem
> > >     
> >
> > In my experience with Ada 83, the potential for buffer overflow is detected
> > at compile time.  When I get an unexpected runtime exception, it is almost
> > always at the interface to another language.
> >   

-- 
Larry Kilgallen