Frama-C In a blog post earlier this year, John Regehr wonders when software verification will finally matter. He means “formal verification”, I am pretty sure. “Verification” is what practitioners of, say, the software development V-cycle have been doing for decades, and it has kept us safe for that long—at least, when...
Read MoreBruce Schneier is, among other things, the author of the blog Schneier on Security. He is also one of the co-authors of the Skein cryptographic hash function the SHA-3 contestant being verified in Frama-C's value analysis tutorial in the manual and then on this blog. I feel silly introducing him...
Read MoreToday, the New York Times has an homage to Peter G. Neumann. Many people cite Albert Einstein’s aphorism “Everything should be made as simple as possible but no simpler.” Only a handful however have had the opportunity to discuss the concept with the physicist over breakfast. One of those is...
Read MoreOctober is National Cyber Security Awareness Month (if you are in the United States; otherwise it is Another Country's Cyber Security Awareness Month). In celebration here is a short list of recent cyber-security failures: An iPhone user navigating to a malicious webpage can see eir personal information (address book browsing...
Read MoreI usually feel uncomfortable diving into the subject of safety vs security, because while I think I have a good intuition of the difference between them, I find this difference hard to formalize in writing. Fortunately, a large “security” “administration” provides: “We use layers of security to ensure the security...
Read More