mark at livecode.com
Tue May 16 10:46:16 CEST 2017
On 2017-05-16 02:23, Richard Gaskin via use-livecode wrote:
> Until we see some enforced security standards, I have no interest in
> "smart cars", "smart TVs" or "smart homes". When I look at those
> products I just see one big botnet.
I'd at least hope that 'smart cars' software is engineered to a much
higher standard than other places:
[ Of course, it is slightly worrying that Chrome thinks that
is 'Not Secure' ;) ]
Such standards, processes and tooling helps to ensure that code that is
written minimizes the chance of vulnerabilities *in the code* (e.g.
overruns). Of course it doesn't necessarily cover vulnerabilities in
design - e.g. in protocols.
There are other methods to ensure this is the case (at least in terms of
- adequate automated testing (100% coverage being the goal - i.e. the
tests should exercise every line of code).
- fuzz testing (giving random inputs to every module in a system
to make sure it handles any potential case gracefully).
- extensive code review (i.e. ensuring that code does not make it into
a system unless it has been thoroughly checked by as many people as
- use static analysis tools (e.g. Coverity).
Of course, the principal issue really is that most code which is used in
critical systems (and systems generally) tends to be C/C++ - or
like Java where the VM and parts of the supporting libraries are written
in C/C++ (e.g. Smart TVs, Blu-Ray players, Android phones).
C/C++ are inherently unsafe (let you do things which are wrong)
(although it is becoming increasingly easy to write safe code in C++ -
long as you use it in a specific way - you cannot yet turn off unsafe
of the language which means they can be used).
The reason they are unsafe is because the design of them means that
checking is really hard to do well (the depth of what Coverity does, for
is quite astounding but it is not perfect by any means) and impossible
The solution then is to use *safe* languages - ones which don't let you
code which contains the kind of exploitable vulnerability which result
virii being able to be written in the first place.
However, the reality is that the number of safe-systems-languages (ones
it is possible to write device drivers, kernels etc.) in existence is
negligible (Rust is probably the only one which has floated to the
the dev community in recent years that I can think of); this combined
the fact that there are probably not just billions but trillions of
C/C++ code in the world means that things are probably not going to
much soon - the cost to rewrite all of that in a language such as Rust
probably be larger than the entire economic output of the entire world.
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps
More information about the use-livecode