RE: Standards for developing secure software

From: securityat_private
Date: Thu Jan 23 2003 - 10:18:10 PST

  • Next message: Witness: "RE: Standards for developing secure software"

    <SNIP>
    > Over the last few years programs have become larger and larger,
    > partially because programmers have stopped worrying so much about CPU
    > and/or adding additional functionality, but more likely some combination
    > thereof.  Writing better programs (IMO) means writing the program that
    > is less CPU/memory intensive _and_ at the same time being more secure.
    > Why should we have to give up one for the other? I believe we can do
    > them both.
    </SNIP>
    
    While I agree partially, we cannot forget the evolution of programming
    languages as a catylist for ignoring CPU & memory.  As languages become
    more abstract there are fewer tools for manipulating memory directly.  One
    of the main selling points of high-level languages is the fact that you DO
    NOT have to worry about manually handling garbage collection or memory
    manipulation.
    
    Also, it is MUCH cheaper to upgrade the hardware that a program is running
    on, then to invest thousands of man-hours into making the program more
    efficient.  Hardware tends to advance (in terms of power & speed)
    relatively quickly, as compared to software.
    
    I do not mean to say that program efficiency should not be addressed,
    because performance is *always* an issue.  But the point of these
    higher-level languages is that programmers can focus on architecture,
    security, and other things... rather than having to spend time maximizing
    the speed of a particular method.
    
    My $0.02
    
    Ryan Lowe
    http://www.pablowe.net
    



    This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 10:44:50 PST