A look at the MS-SQL worm
Posted Jan 30, 2003 12:11 UTC (Thu) by philips
In reply to: A look at the MS-SQL worm
Parent article: A look at the MS-SQL worm
> formal proof of correctness of programs is pratically impossible:
> the task is too big to be done. It would be better to not use
> programming languages like C or C++ which are inherently prone to
> buffer overflows and memory overwrites.
Take a look at:
B1 Mandatory Protection includes:
----- quote start -----
Design Documentation remains the same as C2, but also describes the
security policy model (either formally, i.e., mathematically, or
informally, i.e., in English) and how the TCB implements this model.
----- quote end -----
In other words, you have to open source at some degree your application
to conform to even to B1 class. You should specify how secure your
solution is and how did you achived this.
Another language buys you nothing - implementation & design flaws is
the point. Rember that 75% of errors are made at design time - even
before you started coding ;)
to post comments)