30th July 2016
shep
Real Name: Scott
Rc.conf Instructor
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,191
Developing a Metric of Software Security

The only problem with Geer’s scheme is that no formal metrics existed in 2014 for assessing the security of software or distinguishing between code that is merely bad and code that is negligently bad. Now, that may change, thanks to a new venture from another cybersecurity legend, Peiter Zatko, known more commonly by his hacker handle “Mudge.”

Mudge and his wife, Sarah, a former NSA mathematician, have developed a first-of-its-kind method for testing and scoring the security of software — a method inspired partly by Underwriters Laboratories, that century-old entity responsible for the familiar circled UL seal that tells you your toaster and hair dryer have been tested for safety and won’t burst into flames.
More here at the Intercept.
31st July 2016
rons
Join Date: Oct 2015
Posts: 51

Nice concept, except that no corporation holding proprietary code close to the heart will open source their stuff so that it can be appraised. So, they'll likely submit the code under NDA. This could leave the consumer with two different types of assessments (from the perspective of the consumer). From the perspective of the consumer, there would be two different verification methodologies - meaning that in one case, the consumer could independently verify the code, in the other case they could not.

That's OK though, as it could drive more software into the open source realm.

We might be surprised at how many companies would not submit their code via any means, even NDA, because they know how crappily they've coded it.

Last edited by rons; 31st July 2016 at 02:38 PM.
31st July 2016
gpatrick
Spam Deminer
Join Date: Nov 2009
Posts: 226

Software has always been able to be mathematically proved correct, free of bugs and logically correct. It is the cost associated with that task which companies would be against. Also, although there are "software engineers", it is not a formal licensed engineering path like electrical, mechanical or civil engineering. Plus, many programmers, even today, don't have a formal programming education.

I'm also uncertain how some of the new languages and web programming paradigms and frameworks would hold up to the science of computer programming (e.g., logic).

Last edited by gpatrick; 1st August 2016 at 11:35 AM.
31st July 2016
ibara
Future Defcon 201 speaker
Join Date: Jan 2014
Posts: 634

That the only picture of a machine in the article, the two of them examining a Stardust pinball machine, ironically says everything I need to know. (For those who don't know, the Stardust pinball machine has no software.)
1st August 2016
shep
Real Name: Scott
Rc.conf Instructor
Join Date: May 2008
Location: Dry and Dusty
Posts: 1,191

I thought the article highlighted the prescience of the OpenBSD project.

Open code, code correctness, true randomness feeding robust encryption algorithms, fine-grained privilege separation and pledging.

Last edited by shep; 1st August 2016 at 04:03 PM.