[trustable-software] A problem with Open Sftware
John Lewis
john_lewis at mac.com
Thu Sep 29 14:13:38 UTC 2016
See the comments about 2/3 down
https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet <https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet>
Quite frightening isn’t it?
It has been there for 2 years and during that time a lot of exploits could have been developed. Because exploits have not been seen, doesn’t mean they have not been produced and are not sitting there waiting to be activated. BTW, another problem with MC software is that if it is compromised, how to you clean it - you cannot just do a clean install.
Standards are all well and good and people can argue about them till the cows come home (they do - I used to sit on an ECMA Committee) but the reality is that many commercial companies like Redhat do not have sufficient incentive - the market pressures are too great - to produce Mission-Critical Software. I regard OS software as being MC.
No, we need a different approach to producing and protecting MC software. I think it is going to come from AI/machine learning/automated V&V rather than trying to define and enforce standards (a 1980s approach).
The core though has to be something like SeL4, or better, a capability architecture like Capsicum.
regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.veristac.io/pipermail/trustable-software/attachments/20160929/860e9fd0/attachment.html>
More information about the trustable-software
mailing list