WannaCry [OT]

Mark Waddingham mark at livecode.com
Tue May 16 04:46:16 EDT 2017 

On 2017-05-16 02:23, Richard Gaskin via use-livecode wrote:
> Until we see some enforced security standards, I have no interest in
> "smart cars", "smart TVs" or "smart homes".  When I look at those
> products I just see one big botnet.

I'd at least hope that 'smart cars' software is engineered to a much
higher standard than other places:

    https://en.wikipedia.org/wiki/MISRA_C

[ Of course, it is slightly worrying that Chrome thinks that 
www.misra-c.com
is 'Not Secure' ;) ]

Such standards, processes and tooling helps to ensure that code that is
written minimizes the chance of vulnerabilities *in the code* (e.g. 
buffer
overruns). Of course it doesn't necessarily cover vulnerabilities in
design - e.g. in protocols.

There are other methods to ensure this is the case (at least in terms of
the code):

   - adequate automated testing (100% coverage being the goal - i.e. the
     tests should exercise every line of code).

   - fuzz testing (giving random inputs to every module in a system
     to make sure it handles any potential case gracefully).

   - extensive code review (i.e. ensuring that code does not make it into
     a system unless it has been thoroughly checked by as many people as
     possible).

   - use static analysis tools (e.g. Coverity).

Of course, the principal issue really is that most code which is used in
critical systems (and systems generally) tends to be C/C++ - or 
something
like Java where the VM and parts of the supporting libraries are written
in C/C++ (e.g. Smart TVs, Blu-Ray players, Android phones).

C/C++ are inherently unsafe (let you do things which are wrong) 
languages
(although it is becoming increasingly easy to write safe code in C++ - 
as
long as you use it in a specific way - you cannot yet turn off unsafe 
aspects
of the language which means they can be used).

The reason they are unsafe is because the design of them means that 
static
checking is really hard to do well (the depth of what Coverity does, for 
example
is quite astounding but it is not perfect by any means) and impossible 
to do
completely.

The solution then is to use *safe* languages - ones which don't let you 
write
code which contains the kind of exploitable vulnerability which result 
in
virii being able to be written in the first place.

However, the reality is that the number of safe-systems-languages (ones 
where
it is possible to write device drivers, kernels etc.) in existence is 
well,
negligible (Rust is probably the only one which has floated to the 
surface of
the dev community in recent years that I can think of); this combined 
with
the fact that there are probably not just billions but trillions of 
lines of
C/C++ code in the world means that things are probably not going to 
change
much soon - the cost to rewrite all of that in a language such as Rust 
would
probably be larger than the entire economic output of the entire world.

Warmest Regards,

Mark.

-- 
Mark Waddingham ~ mark at livecode.com ~ http://www.livecode.com/
LiveCode: Everyone can create apps

More information about the use-livecode mailing list