Re: Security overkill

From: SMcClenahan@ATTBI.com
Date: Mon May 19 2003 - 15:48:58 MDT


> > Two words: Open Source. A.k.a. Free (libre) software.
>
> Indeed, Open Source projects are an *excellent* example of how
> horrible, vast security holes can sneak in un-noticed in absence of
> sufficient oversight. Witness recent holes in SSH, sendmail, and
> bind.

Most, if not all, of those issues are not at the application or business level.
Those holes appear in the lower levels by taking advantage of things like the
seemingly ubiquitous buffer over-runs that plague programs written in C/C++. I
doubt that a complex application such as Friendliness can be subversively
hacked in that way because the operating system will probably have to have
similar complexity to support the Friendliness software-architectural
requirements.

My approach to AI (whenever that is) will be top-down. Define your software
component interfaces, define the levels/tiers/Separation Of Concerns, use
Object-oriented and Aspect-oriented designs and languages, write unit tests for
each component, constant integration, etc... (you software engineers know where
I'm going with this.) And yes, my software will be open, with a copyright for
legal purposes.

cheers,
    Simon
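The "lower level" hole Simon is pointing at, as an added example that is not part of the original post or of any of the projects named in the thread: a tiny constructed record format (one length byte followed by that many payload bytes) parsed into a fixed-size C buffer. The unsafe parser checks that the declared length fits the *message* but never that it fits the *destination*, which is the shape of the classic over-run; the hardened parser adds the one missing comparison. The format, the `struct record` layout, and the function names are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format for this example: [len: 1 byte][payload: len bytes].
 * Not a real protocol; chosen only to show where the bounds check belongs. */

#define NAME_MAX 16

struct record {
    char name[NAME_MAX];
    int  is_admin;   /* lives right after the buffer; an over-run of name[] lands here */
};

/* Vulnerable: trusts the length byte from the wire. The only check is that the
 * message itself is long enough, so len > NAME_MAX - 1 makes memcpy and the
 * terminating write run past name[] (undefined behaviour in C; in practice it
 * overwrites is_admin and whatever the compiler placed after the struct). */
int parse_record_unsafe(const uint8_t *msg, size_t msg_len, struct record *out)
{
    if (msg_len < 1) return -1;
    size_t len = msg[0];
    if (msg_len < 1 + len) return -1;      /* checks the source, never the destination */
    memcpy(out->name, msg + 1, len);
    out->name[len] = '\0';
    return 0;
}

/* Hardened: identical format, but the attacker-controlled length is compared
 * against the destination capacity (leaving room for the NUL) before any byte
 * is copied. Malformed or oversized input is rejected with -1. */
int parse_record_safe(const uint8_t *msg, size_t msg_len, struct record *out)
{
    if (msg_len < 1) return -1;
    size_t len = msg[0];
    if (msg_len < 1 + len) return -1;      /* truncated message */
    if (len >= NAME_MAX) return -1;        /* would overflow name[] (or lose the NUL) */
    memcpy(out->name, msg + 1, len);
    out->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct record r;

    /* Constructed benign message: length 5, payload "alice". */
    const uint8_t good[] = { 5, 'a', 'l', 'i', 'c', 'e' };
    memset(&r, 0, sizeof r);
    printf("safe parser, benign input: rc=%d name=\"%s\" is_admin=%d\n",
           parse_record_safe(good, sizeof good, &r), r.name, r.is_admin);

    /* Constructed hostile message: length 40, payload of 40 'A's. It is a
     * well-formed message (40 bytes really follow the length byte), so only
     * the destination-size check can stop it. */
    uint8_t bad[1 + 40];
    bad[0] = 40;
    memset(bad + 1, 'A', 40);
    memset(&r, 0, sizeof r);
    printf("safe parser, oversized input: rc=%d (rejected, name[] untouched)\n",
           parse_record_safe(bad, sizeof bad, &r));

    /* parse_record_unsafe(bad, ...) is deliberately not called: it would write
     * past name[] into is_admin and beyond, which is exactly the bug. */
    return 0;
}
```

The point of the pair is that the over-run has nothing to do with the application's business logic: both parsers implement the same format correctly for every well-formed short message, and the only difference is a single comparison against the size of a C array. That comparison is the kind of thing a language with checked bounds performs on every access, which is why this class of hole clusters in C/C++ code.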



This archive was generated by hypermail 2.1.5 : Wed Jul 17 2013 - 04:00:42 MDT