?

Log in

No account? Create an account
entries friends calendar profile Previous Previous Next Next
Errors and problems - Ed's journal
sobrique
sobrique
Errors and problems
6 Dumbest Ideas in Computer Security

Personal observations on the reliability of the Shuttle, by R.P. Feynman
8 comments or Leave a comment
Comments
phlebas From: phlebas Date: May 28th, 2008 10:21 am (UTC) (Link)
That essay seems familiar - has it been around a while? I remember being somehow unconvinced that 'instead of patching software, we should just write it with no bugs or security holes in the first place!' is a viable solution.
ehrine From: ehrine Date: May 28th, 2008 11:07 am (UTC) (Link)
Looking at the article, it has a 2005 date at the bottom of it. Thing is, most of the points are just as valid now as they were then.
phlebas From: phlebas Date: May 28th, 2008 12:34 pm (UTC) (Link)
My point exactly :)
sobrique From: sobrique Date: May 28th, 2008 05:41 pm (UTC) (Link)
There exist operating systems that implement levels of access control and reliablity that they're considered safe enough to run in classified environments. They're designed in a different way, and code has to be written very specifically to take account of this - your average app just won't work.

But if the need is enough, and someone's willing to pay, it can be done. I mean, it's just plain unacceptable to have a civil engineering project that's as flawed as some of the software on the market these days.
mister_jack From: mister_jack Date: May 28th, 2008 10:30 am (UTC) (Link)
Interesting stuff.

The white list vs. black list idea is actually quite strong I think; provided manual override is good.

Point 3 is off, here's the real reason software security is bad: it costs more money than it is commercially worth to build properly secure software.
sobrique From: sobrique Date: May 28th, 2008 05:43 pm (UTC) (Link)
I think you're entirely correct. It's possible to make a really high grade of software in terms of integrity, but the amount of effort involved in doing so, and proving it so is extremely high. Until there's demand for it at a baseline, it's not going to happen.
warmage From: warmage Date: May 28th, 2008 06:18 pm (UTC) (Link)
From the first:

"Do you have hands-on experience with xyz from pdq.com? If so, I'm authorized to take you to dinner at Ruth's Chris if you promise to give me the low-down on the product off the record. Contact, etc..." The IT manager later told me that a $200 dinner expense saved them over $400,000 worth of hellish technological trauma.


fskin.
brilliant.
sobrique From: sobrique Date: May 28th, 2008 06:37 pm (UTC) (Link)
It's the simple solutions that are often the most effective. And also the ones that are disallowed by corporate policy.
8 comments or Leave a comment