Tightening security: Time to prioritize it!!
Posted Jun 28, 2012 15:31 UTC (Thu) by david.a.wheeler
Parent article: Tightening security: not for the impatient
Congrats to Kees Cook, who patiently managed to get this in.
But the slow pace of getting security-tightening mechanisms into the kernel is embarrassing.
It's absurd to wait until "all applications as libraries are perfect" as a security strategy. We need a "plan B". A kernel cannot prevent all errors from becoming security vulnerabilities, but where the kernel can reasonably prevent them or reduce their effects, it should do so.
We should be making security-tightening measures a high priority, not something that's done as a last resort. We should be searching for those mechanisms, not trying to prevent their inclusion.
to post comments)