Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Save the Net, Sue a Software Maker
David Banisar, 2001-12-17

Safety standards and civil liability made automobiles safe. It can work for software too.

Comments Mode:
Save the Net, Sue a Software Maker 2001-12-17
Sean, bremerton Wa (4 replies)
Save the Net, Sue a Software Maker 2001-12-17
Brock
RE: Sean, bremerton Wa : Save the Net, Sue a Software Maker 2001-12-24
Anonymous (1 replies)
RE: Sean, bremerton Wa : Save the Net, Sue a Software Maker 2002-01-03
Anonymous
Re: Sean 2002-01-06
guest@netpixies.net
Save the Net, Sue a Software Maker 2002-01-12
An old codger that used to be proud of his profession.
Save the Net, Sue a Software Maker 2001-12-17
System High
Save the Net, Sue a Software Maker 2001-12-17
Jesse (1 replies)
Save the Net, Sue a Software Maker 2001-12-18
Anonymous
Save the Net, Sue a Software Maker 2001-12-17
philw (1 replies)
Save the Net, Sue a Software Maker 2001-12-19
DavidM
Save the Net, Sue a Software Maker 2001-12-18
Anonymous (1 replies)
Save the Net, Sue a Software Maker 2001-12-20
Anonymous
Save the Net, Sue a Software Maker 2001-12-18
Robert A. Matern (3 replies)
Engineering Type of Certification for Software 2001-12-18
nelson (1 replies)
Engineering Type of Certification for Software 2001-12-19
Robert A. Matern
Save the Net, Sue a Software Maker 2001-12-19
DavidM
Save the Net, Sue a Software Maker 2001-12-19
Anonymous
Save the Net, Sue a Software Maker 2001-12-18
Brad Freeman
Save the Net, Sue a Software Maker 2001-12-18
kbrown@nospam.com (2 replies)
Save the Net, Sue a Software Maker 2001-12-19
Robert A. Matern
Save the Net, Sue a Software Maker 2001-12-19
David
Save the Net, Sue a Software Maker 2001-12-18
theX (2 replies)
Save the Net, Sue a Software Maker 2001-12-19
Robert A. Matern
Save the Net, Sue a Software Maker 2001-12-19
Anonymous
Save the Net, Sue a Software Maker 2001-12-18
Anonymous (1 replies)
Save the Net, Sue a Software Maker 2001-12-19
Bill reilly
Save the Net, Sue a Software Maker 2001-12-18
Anonymous
Save the Net, Sue a Software Maker 2001-12-18
Anonymous (1 replies)
Save the Net, Sue a Software Maker 2001-12-20
Anonymous
Save the Net, Sue a Software Maker 2001-12-18
Anonymous
Save the Net, Sue a columnist 2001-12-19
Anonymous (1 replies)
Save the Net, Sue a columnist 2001-12-20
Anonymous (1 replies)
Save the Net, Sue a columnist 2001-12-31
Annoyed Reader
Save the Net, Sue a Software Maker 2001-12-19
I Speak from Experience
Save the Net, Sue a Software Maker 2001-12-19
Anonymous
Save the Net, Sue a Software Maker 2001-12-19
_rAt_
Save the Net, Sue a Software Maker 2001-12-19
Anonymous
Save the Net, Sue a Software Maker 2001-12-19
Rob John (1 replies)
Save the Net, Sue a Software Maker 2001-12-21
Anonymous
Save the Net, Sue a Software Maker 2001-12-19
Watsonian
Legal Clarifications... 2001-12-19
BillReilly
Save the Net, Sue a Software Maker 2001-12-20
Anonymous
Sue Tim Burners Lee 2001-12-21
Anonymous
OS and App tools NOT ready for Prime time= lawsuit city! 2001-12-21
we are years away from having tools that coders can use safely (ex: SELinux and CycloneC)! (1 replies)
Programmers and developers don't have proper tools TODAY to even begin to write secure applications. If this lawsuit situation started... then maybe these tools would be devloped faster!

So, what is a mother to do?

We (programmers, developers, users, etc), are all walking the same dangerous path (at least until a secure OS and a secure progamming language is developed). Below read about Security-enhanced linux and Cyclone, two solutions that are still years away from being ready. Anything that can be done to get these done faster would help us all!

About SELinux Read:
http://www.nsa.gov/selinux/index.html
"existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. As a consequence, application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security".

About Cyclone C read:
http://www.research.att.com/projects/cyclone/
"Cyclone is a programming language based on C that is safe, meaning that it rules out programs that have buffer overflows, dangling pointers, format string attacks, and so on. High-level, type-safe languages, such as Java, Scheme, or ML also provide safety, but they don't give the same control over data representations and memory management that C does (witness the fact that the run-time systems for these languages are usually written in C.)"...

http://www.securityfocus.com/guest/9094
"In this article, security expert John Viega, CTO of Secure Software Solutions and author of Building Secure Software, takes a look at Cyclone, the new "secure C dialect". He determines that it is an interesting language with a lot of promise, but is not ready for prime time".

Also remember to read:
http://www.salon.com/tech/review/2000/08/31/schneier/
Ain't no network strong enough
Master cryptographer Bruce Schneier's "Secrets and Lies" explains why computer security is an oxymoron.
By Brendan I. Koerner



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/47/9418#9418
Re: OS and App tools NOT ready for Prime time= lawsuit city! 2002-01-06
Anonymous
Save the Net, Sue a Software Maker 2001-12-29
Anonymous (1 replies)
Save the Net, Sue a Software Maker 2001-12-31
Anonymous
Save the Net, Sue a Software Maker 2001-12-30
Sean Ackley <securityfocus@ackind.net>
Sue them ALL!!! 2001-12-31
JeffM (1 replies)
Get a brain... 2002-01-04
Matt Hargraves
Save the Net, Sue a Software Maker 2002-01-11
Blacksheep







 

Privacy Statement
Copyright 2009, SecurityFocus