Re: [fw-wiz] Proverbial appliance "Its software, Jim!"

From: Anton Aylward (ajaat_private)
Date: Thu Oct 17 2002 - 04:19:40 PDT


    On Mon, 2002-10-14 at 13:15, Marcus J. Ranum wrote:
    > 
    > Inside every "appliance" is an operating system. Inside
    > every ASIC or "embedded processor" is software. There's
    > really no difference other than the packaging. 
    
    Wake up and smell the caffeine!
    It's all software.  
    THAT'S IT!  End of Story.
    
    All the heritage of s/w applies to "appliances".
     - Keep it small and simple
     - Test, test and test.
     - Limit the complexity.
    If we can't learn that and apply it rigorously, what have we learnt?
    
    We've got nearly 50 years of experience in what makes poor quality
    (whatever your metric) software.  That same poor quality results in poor
    security.  
    
    It doesn't matter whether it's monolithic or modular, micro, pico or
    nano-kernel, application or OS layer.  It's all software.  
    It doesn't matter whether you're coding in ASM, C++ or Euclid.  It
    doesn't matter if your design tool is back-of-the-envelope or the best
    that Rational has to offer.  You're still human and fallible.
    
    Unless we learn from those basics and address them, all else that's said
    on the subject is frippery.
    
    And arguing about the need for "secure kernels" - whatever that may mean
    - is moot if the application layers are swiss-cheese.
    Go back through this list and see what else Marcus has to say on, for
    example, SSL and VPN applications.
    
    /anton
    
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizardsat_private
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    



    This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 06:23:16 PDT