antdude, A Ninja Ant, Premium, VIP
Why we suck at innovating for security
"Summary: Modern day security is meant to be state of the art, so why is it that after all these years, we're still getting it so terribly wrong?"
Cudni, La Merma - Vigilado, Premium, MVM
Good article. Interesting that we are still facing issues noted as early as the '80s. The bad guys have more fun, it seems, breaking things and innovating the approaches while the good guys toil. Rather than elitist state of the art, security should be a domain of lovers of art (there are many, many more of those).
"what we know we know the same, what we don't know, we don't know it differently."
Help yourself so God can help you.
Microsoft MVP, 2006 - 2012/13
reply to antdude
It's pretty simple why. Computers are highly complex systems with millions upon millions of lines of code. No human being (or group of humans) can write perfect code for complex applications. It just isn't possible. It's the same problem with hardware.
Perhaps one day there will be automated techniques and algorithms that can be run to mathematically prove the correctness of code, but so far such techniques are limited in scope. The L4 microkernel people claim to have done it with their kernel code, but others are skeptical of what their formal verification really proves. For instance, the L4 project assumes the following:
quote: We assume correctness of compiler, assembly code, hardware, and boot code.
There is no reason to "assume" any of those things. Therein lies the problem -- such proofs usually rest on assumptions.
Now does this mean we can do better with writing secure code? Sure. But perfection is far from attainable with current programming techniques and technology. And as long as code remains imperfect, there will always be people like PinkyPie out there who can find the flaws. It will probably take a radical rethinking of computer architecture and programming languages before we can even begin thinking about having provably secure systems. This pioneer of computer science is working on doing just that.
Getting people to stop using Windows is more or less the same as trying to get people to stop smoking tobacco products. They don't want to change; they are happy with slowly dying inside. -- munky99999
StuartMW, Who Is John Galt?, Premium
quote: A physicist, a chemist and an economist are stranded on an island, with nothing to eat. A can of soup washes ashore. The physicist says, "Let's smash the can open with a rock." The chemist says, "Let's build a fire and heat the can first." The economist says, "Let's assume that we have a can-opener..."
BTW that joke was told by my HS Economics teacher.
Don't feed trolls--it only makes them grow!