On Apr 27, 2016, at 2:50 PM, Noel Chiappa <jnc at mercury.lcs.mit.edu> wrote:
> ...
> It's not clear to me that a 'better language' is going to get rid of that,
> because there will always be bugs (and the bigger the application, and the
> more it gets changed, the more there will be). The vibe I get from my
> knowledge of security is that it takes a secure OS, running on hardware that
> enforces security, to really fix the problem. (Google "Roger Schell".)
Those things can be useful at times, but they are neither necessary nor sufficient.
For example, while Unix is reasonably secure, application writers have managed to create
massive numbers of security holes that have nothing to do with defects of the OS, and
aren't cured by a better OS. A better language might help (C is the mother of most
security bugs). But the most critical component that is generally missing is a design
attitude that both the design and the implementation need to be CORRECT.
Such design attitudes are very rare. Dijkstra made it his life's mission to promote
this. He demonstrated it in such places as the THE operating system design (read the
paper). Note, by the way, that's a secure system running on hardware that provides no
protection.
By contrast, the common technique of "type in some code, then edit and recompile and
rerun until it seems to work" cannot deliver reliable programs.
paul