Re: Public disclosure of discovered vulnerabilities


sci.crypt archive


From: Andrew Swallow <am.swallow@btopenworld.com>
Date: Wed May 25 2005 - 17:30:30 CEST

Bryan Olson wrote:

[snip]

> So what is my own point? Today, the primary problem in Software
> Engineering is a correctness problem, which leads to a
> robustness problem, a reliability problem, and a security
> problem. The limiting factor on the vast majority of real-world
> programming challenges is the ability of humans to write correct
> code. Cost is always an issue, and the ability of advanced
> software development enterprises to produce reliable code at
> thousands of dollars, or tens of thousands of dollars per line
> is not a realistic solution.

Correctness proofs need to be made more user friendly.

1. Allow finite serial data input streams that terminate with an
end-of-file marker. This describes the main loop in most commercial
programs so it needs to be available to the tester.

2. Predicate calculus, or whatever Z uses, is the opposite way round
from the algebraic logic used by most computer languages so permit
algebraic logic.

3. Restrict the characters to ASCII. Symbols can be replaced by words.
  (Although mouse clicks on a special symbol set may be possible
providing the printer can handle them.)

Andrew Swallow
Received on Thu Sep 29 21:38:39 2005