Re: [BLACKBOX] Secure Software

From: Wojtek
Date: Tue, 22 Sep 2009 10:00:27 -0400

Laziness and convenience are always "extraordinarily compelling".

Even more "extraordinarily compelling" is the boss and the colleagues not
willing to change their habits.

"Serious justification" is extraordinarily easy to produce. It consists of
just two words: "industry standard".

Mediocrity wins in the majority of cases, because in most real cases
mediocrity is good enough. Those, who are trying to raise the bar for
other people when there is no perceived need to do so, are perceived as
trouble makers.

Those, who do not understand those simple mechanisms and are trying to
influence their colleagues and their bosses, are facing an expedited path
towards an exit door.

There is a niche market for CP, and that is those cases where success is
critical, resources are scarce, and the management has already exhausted
the conventional solutions based on mediocrity. Then it is time for a
brilliant CP programmer to step in, quickly solve the problem, and then
run away before s/he is lynched by angry colleagues whose incompetence has
just been exposed.

All the above observations are based on actual experience.

Wojtek

On Tue, 22 Sep 2009, Chris Burrows wrote:

> David Jackson of MIT has written an interesting article titled "A Direct
> Path to Dependable Software". In part he says:
>
> "Just as a skyscraper cannot easily be built on sand, a robust software
> system cannot be built on a foundation of weak tools and platforms. Fifty
> years after the invention of static typing and automatic memory management,
> the decision to use an unsafe programming language such as C or C++ (which
> provide neither) requires serious justification, and for a critical system
> the benefits that are obtained in compensation for the loss of safety have
> to be extraordinarily compelling"
>
> Java and C# justifiably get a mention. Maybe somebody should tell him about
> CP?
>
> You can download the complete article from:
>
> http://sdg.csail.mit.edu/pubs/2008/cacm-08.pdf
>
> Cheers,
> Chris
>
> Chris Burrows
> CFB Software
> Armaide v2.1: ARM Oberon-07 Development System
> http://www.armaide.com
>
>
> From: BlackBox [mailto:BLACKBOX{([at]})nowhere.xy
> drbautsch{([at]})nowhere.xy
> Sent: Thursday, 10 January 2008 4:47 AM
> To: BLACKBOX{([at]})nowhere.xy
> Subject: [BLACKBOX] Secure Software
>
>
> Dear all !
>
>
> I hope you will enjoy the brand new issue of the ENISA Quarterly on
> secure software:
>
>
> http://www.enisa.europa.eu/doc/pdf/publications/enisa_quarterly_12_07.pdf
>
> See table on page 4 ;-)
>
> Any feedback is welcome...
>
>
> Best regards from Berlin
>
> Markus
>
>
> ----
> To unsubscribe, send a message with body "SIGNOFF BLACKBOX" to LISTSERV{([at]})nowhere.xy
>
>


Received on Tue Sep 22 2009 - 16:00:27 UTC

This archive was generated by hypermail 2.3.0 : Thu Sep 26 2013 - 06:30:41 UTC