RE:Writing Secure code[update]
From: Pavel Kankovsky (peak@argo.troja.mff.cuni.cz)
Date: 01/03/03
- Previous message: Jeff Williams @ Aspect: "Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection"
- In reply to: charles lindsay: "RE:Writing Secure code[update]"
- Next in thread: dirk.dussart@pwc.be: "RE:Writing Secure code[update]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Pavel Kankovsky" <peak@argo.troja.mff.cuni.cz> Date: Fri, 3 Jan 2003 20:00:26 +0100 (MET) To: secprog@securityfocus.com
On Wed, 1 Jan 2003, charles lindsay wrote:
> Personally, I have very little faith in proof of correctness (a baase
> requirement for A1), as most proofs tended to be larger than the code
> they were trying to prove.
Verification of formal proofs is trivial and a trained monkey can do it
(assuming a sane logic system with a sane proof system is used).
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
- Next message: Warwick Molloy: "Re: Writing Secure code[update]"
- Previous message: Jeff Williams @ Aspect: "Re: JDBC PreparedStatements, Java Data Objects/O-R mapping, and SQL Injection"
- In reply to: charles lindsay: "RE:Writing Secure code[update]"
- Next in thread: dirk.dussart@pwc.be: "RE:Writing Secure code[update]"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
