{"id":439,"date":"2007-04-05T16:51:22","date_gmt":"2007-04-05T09:51:22","guid":{"rendered":""},"modified":"2007-04-05T16:51:22","modified_gmt":"2007-04-05T09:51:22","slug":"typing-saves-your-skin","status":"publish","type":"post","link":"https:\/\/deepquest.code511.com\/blog\/2007\/04\/typing-saves-your-skin\/","title":{"rendered":"Typing saves your skin"},"content":{"rendered":"<p>According to a news item from the U.K. Institution of Engineering and<br \/>\nTechnology, a team organised by the SANS Institute analysed 7000 detected<br \/>\nsecurity vulnerabilities from 1996 (the item says &#8220;the 7000&#8221; but doesn&#8217;t say<br \/>\nfurther how they were identified), and found that 85% of them were caused by<br \/>\nthree phenomena:<\/p>\n<p>  * Failure to check user input<br \/>\n  * Allowing buffer overflows (that is, failing to hinder them)<br \/>\n  * Handling integer type checks or overflows incorrectly<!--more--><\/p>\n<p>SANS spotted an opportunity and put together a course and practical exam<br \/>\nabout secure programming, leading to a certificate.<\/p>\n<p>A few observations.<\/p>\n<p>1. Security is not taken as seriously as safety, despite the fact that computer<br \/>\nsecurity problems probably cause more total resource damage than<br \/>\naccidents. I have long believed, with others, that the phenomena in both<br \/>\nareas are similar and thus that similar techniques may be used to assure<br \/>\nsystems vulnerable to these sorts of phenomena. 
Devising a threat model is<br \/>\nvery similar to hazard identification, but whereas hazard identification is<br \/>\npartly internationally normed, I suspect that people programming software on<br \/>\nnetworks, especially WWW-based SW, rarely have anything like a professional<br \/>\nengineering qualification or status and maybe do not feel as bound to<br \/>\ndiscover and adhere to norms that cover their tasks.<\/p>\n<p>It might help to revise international standards on safety to use the word<br \/>\n&#8220;dependability&#8221; instead of safety, and to use the &#8220;specified loss&#8221;<br \/>\nformulation of the notion of accident rather than the &#8220;physical injury or<br \/>\ndeath&#8221; formulation, and then security vulnerabilities would be covered. Then<br \/>\nagain, rather than leading to a higher standard of programming, this might<br \/>\ninstead just serve to lower the standard of argument for dependability to be<br \/>\nfound in the required documentation.<\/p>\n<p>2. Working in a strongly-typed programming language would have avoided 85%<br \/>\nof the security vulnerabilities discovered (according to some unspecified<br \/>\ncriteria) in 1996.<\/p>\n<p>It is astonishing to me that 47 years after strong typing was invented and<br \/>\nrecognised, and after the Turing Award has been presented to such proponents<br \/>\nas Dijkstra, Hoare, Wirth, Dahl, Nygaard and Naur, professionals not using<br \/>\nthis technology caused 85% of significant errors in a specific area of<br \/>\ncomputing. I think it is disgraceful.<\/p>\n<p>One could always hope that things have changed in the last 10 years. But<br \/>\nobviously the SANS Institute doesn&#8217;t think so.<\/p>\n<p>3. The social phenomena in program construction are overwhelmingly more<br \/>\ninfluential than technical progress. 
Nothing else could account for<br \/>\nphenomenon 2.<\/p>\n<p>http:\/\/www.iee.org\/oncomms\/sector\/informationpro\/SectionNews\/Object\/92520512-96A3-7299-40BC84823F900F5F<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Typing saves your skin!<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3],"tags":[],"class_list":["post-439","post","type-post","status-publish","format-standard","hentry","category-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4bBYZ-75","_links":{"self":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/comments?post=439"}],"version-history":[{"count":0,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/439\/revisions"}],"wp:attachment":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/media?parent=439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/deepquest.code51
1.com\/blog\/wp-json\/wp\/v2\/categories?post=439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/tags?post=439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}