|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |
Date: Thu, 15 Oct 1998 17:08:34 -0700 (PDT) From: Phil Karn <karn@maggie.ka9q.AMPR.ORG> To: cmcurtin@interhack.net CC: perry@piermont.com, cryptography@c2.net In-reply-to: <864st6auew.fsf@strangepork.interhack.net> (message from Matt Curtin on 15 Oct 1998 08:20:23 -0400) Reply-to: karn@qualcomm.com >screw up our algorithms, our protocols, and whatnot. We're still >going to have to be careful and inspect each others' work. This is key. No matter how good our languages get, programmers will still make mistakes. Languages may help prevent stupid, low-level bugs like buffer overruns, but there will always be bugs too subtle or complex for a machine to find automatically. The single most effective mechanism we've found so far for correcting these mistakes is open publication and peer review -- the scientific method in action. So far this approach has produced, with a minimum of resources, operating system kernels far more reliable and robust than those produced with substantially more resources in a proprietary environment. The open approach will undoubtedly produce software that is more secure, too. One serious problem still remains. Once a bug has been identified and corrected, how do we get everyone to adopt it? We need software update mechanisms that are extremely easy to use -- so easy that it would be more work to *not* upgrade. Some Internet software already incorporates mechanisms like this, with varying degrees of nuisance and/or effectiveness. The Real Audio player applet comes to mind. Phil
|
|
|
|
|
|
|
|
|
|
|
|
| home | help | back | first | fref | pref | prev | next | nref | lref | last | post |