strangest systems I've sent email from
paulkoning at comcast.net
Wed Apr 27 14:15:17 CDT 2016
> On Apr 27, 2016, at 2:50 PM, Noel Chiappa <jnc at mercury.lcs.mit.edu> wrote:
> It's not clear to me that a 'better language' is going to get rid of that,
> because there will always be bugs (and the bigger the application, and the
> more it gets changed, the more there will be). The vibe I get from my
> knowledge of security is that it takes a secure OS, running on hardware that
> enforces security, to really fix the problem. (Google "Roger Schell".)
Those things can be useful at times, but they are neither necessary nor sufficient.
For example, while Unix is reasonably secure, application writers have managed to create massive numbers of security holes that have nothing to do with defects of the OS, and aren't cured by a better OS. A better language might help (C is the mother of most security bugs). But the most critical component that is generally missing is a design attitude that both the design and the implementation need to be CORRECT.
Such design attitudes are very rare. Dijkstra made it his life's mission to promote this. He demonstrated it in such places as the THE operating system design (read the paper). Note, by the way, that's a secure system running on hardware that provides no protection.
By contrast, the common technique of "type in some code, then edit and recompile and rerun until it seems to work" cannot deliver reliable programs.
More information about the cctalk