Security: Rob Braxman Doesn't Get It
My comment was deleted by YouTube:
Open Source is not the solution. I have been trying to get people to understand this for nine years. Richard Stallman didn't get it either. Google "karger schell multics security evaluation" and read about object code trap doors in the 1974 USAF report. [https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/karg74.pdf] The problem is that the semantics of the language, whether assembly or higher-level, are determined in practice by some object code, which is the machine language the CPU executes as it compiles the program. Karger and Schell recognised and described this problem and produced an example in Multics in the early seventies. The problem is still not recognised by security professionals. So what do we do? I wrote about my 2014 battle with Richard Stallman in a blog post called "The Mother of All Software Vulnerabilities" on a blog called logicabolivia on blogspot; try searching for it.
See The Mother of all Software Vulnerabilities and https://www.acsac.org/2002/papers/classic-multics.pdf.
Subscribe to Rob Braxman.
Maybe Richard Stallman got upset? Chrissie Mayr's SimpCast 16 Clip.