"Slow But Steady: Achieving Real Security Within Two Decades" by @perrymetzger https://www.youtube.com/watch?v=zTeq_r4kJYA … [0/9]
Formal methods aim at providing not perfection, but a *ratchet* so software can't backslide into entire identified classes of bugs [1/9]
Security is 100% absence of certain classes of bugs; removing "most" bugs isn't enough; relying on no human mistakes won't work. [2/9]
A lot of software we use or write has lasted and will last for many decades; it is worth taking them seriously & fixing their security [3/9]
Think strategic: get full fixes for entire classes of bugs. Not *just* remediations, tactical fixes to individual bugs, half-measures. [4/9]
A full fix must allow incremental replacement of the existing code base, bit by bit with safer or sanitized variants. [5/9]
Formal methods work; they are too expensive to apply to everything, but can be used to build safe systems and cage the unverified code [6/9]
Unlike testing and auditing, safe languages and formal methods provide a protection *ratchet* against entire *classes* of bugs [7/9]
Caging the code with capabilities, verified kernel, verified compilers, runtime protection, prevents bugs from spreading [8/9]
We need to start now if we want to be ready in 10 or 15 years when we need it only more than today. [9/9]