Shostack + Friends Blog Archive


Two On Secure Software

There’s a placeholder page at NIST for their SAMATE project, (“Software Assurance Metrics and Tool Evaluation”). Interesting stuff if you wonder why its so hard to release secure software.

Also, Lauri@Schedler writes, in Making correct code look good

Reading the article I was wondering what is the point of leaving information about safe and unsafe strings to the person reading / reviewing the written code? I mean, isn’t this kind of automatic processing exactly what computers were originally invented for? In a large software system there would be hundreds or even thousands of statements that must be manually validated for safe/unsafe compliance. Reviewing them is a lot of work. And in a large group someone is bound to forget one letter ‘u’ from their variable names, violating the entire scheme until the mistake is noticed in a review (or not).

Why leave something this important to manual inspection? After all, this kind of situation is exactly what type systems were introduced into programming languages.

Sounds good to me. Maybe the typing system could include a taint analysis, too.