In case you missed it, the White House released the ONCD Technical Report - A Path Toward Secure and Measurable Software (Link).
It's only a 19-page report containing mostly nothing new or interesting. You can read it, but it is mostly dull. More interesting are some of the source links.
The only important thing is the preference for memory-safe programming languages. Well, this could be the end of the Rust vs C debate, but it isn't; see this video with Linus Torvalds (Link).
If you set all the pseudo-religious aspects of programming languages aside, there are two takeaways from this debate:
- A fool with a tool (programming language) is still a fool
- There are some programming languages (Rust, Go, Java, ...) that have advantages if you are not Linus Torvalds or me, if you are a normal software developer
- The discussion about which new programming language will be so much better will never end.
What I personally found remarkable in the video was the argument about the simplicity of C.
Next chapter, the verification thingy: I have major doubts about this idea. It sounds to me like some academics are searching for gold. The other thing, the usage of trustworthy libs: damn, this is common sense. But for Go and Python this is a real problem at the moment.
The next chapter is about software measurability; hey, that's exactly my business. In the end, it's a hard problem to measure software security, no way, Sherlock.
To be continued ... or not.
The rest of the report is generic or common bla bla. It's not worth reading.