dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
470

antdude
Matrix Ant
Premium Member
join:2001-03-25
US

antdude

Premium Member

Why we suck at innovating for security

»www.zdnet.com/why-we-suc ··· 0006585/

"Summary: Modern day security is meant to be state of the art, so why is it that after all these years, we're still getting it so terribly wrong?"

Cudni
La Merma - Vigilado
MVM
join:2003-12-20
Someshire

1 recommendation

Cudni

MVM

Good article. Interesting that we are still facing issues noted as early as '80s. The bad guys have more fun it seems breaking thing and innovating the approaches while the good guys toil. Rather than, elitist state of the art, security should be a domain of lovers or art (there are many many more of those)

Cudni

Cudni

KodiacZiller
Premium Member
join:2008-09-04
73368

1 recommendation

KodiacZiller to antdude

Premium Member

to antdude
It's pretty simple why. Computers are highly complex systems with millions upon millions of lines of code. No human being (or group of humans) can write perfect code for complex applications. It just isn't possible. It's the same problem with hardware.

Perhaps one day there will be automated techniques and algorithms that can be ran to mathematically prove to correctness of code, but so far such techniques are limited in scope. The L4 microkernel people claim to have done it with their kernel code, but others are skeptical of what their formal verification really proves. For instance, the L4 project assumes the following:
quote:
We assume correctness of compiler, assembly code, hardware, and boot code.
There is no reason to "assume" any of those things. Therein lies the problem -- such proofs usually rest on assumptions.

Now does this mean we can do better with writing secure code? Sure. But perfection is far from attainable with current programming techniques and technology. And as long as code remains imperfect, there will always be people like PinkyPie out there who can find the flaws. It will probably take a radical rethinking of computer architecture and programming languages before we can even begin thinking about having provably secure systems. This pioneer of computer science is working on doing just that.

StuartMW
Premium Member
join:2000-08-06

StuartMW

Premium Member

+1

On assumptions.
quote:
A physicist, a chemist and an economist are stranded on an island, with nothing to eat. A can of soup washes ashore. The physicist says, "Lets smash the can open with a rock." The chemist says, "Let’s build a fire and heat the can first." The economist says, "Lets assume that we have a can-opener..."

BTW that joke was told by my HS Economics teacher.