It is possible to develop secure code but only if vendors use a robust software development process and aren't afraid to call a monkey when they see a monkey, according to the retired chief scientist of the National Security Agency, Brian Snow.
In order to watch video content you need to enable javascript and install Flash player version 8 or above.
At the AusCERT 2008 security conference on the Gold Coast today, Snow told ZDNet.com.au that software can be secure — but only if vendors overhaul the way they create it.
"We do not have robust software development processes. It is not that they cannot exist — there are many excellent software development environments out there that produce much better code than any commercial firms are.
Brian Snow speaking at AusCERT 2008
Credit: ZDNet.com.au
"A lot of commercial firms still produce what I call spaghetti code … they buy programmers … and let them work freely and creatively to produce code that they plug into the system without anybody else reviewing [it]," said Snow.
Reviewing is the "minimum first step", according to Snow, who said software designers have difficulty seeing faults in their own code — they need some "nasty cruel reviewer" to point them out.
"The designer loves his work — he is not capable of looking at it dispassionately. It is like his baby he is not going to throw it out.
"You need some nasty cruel reviewer to say, 'it's not a lovely baby, it's an ugly monkey, you have to go and work on it some more'," Snow said.
Yes - not new - we knew that software development by humans would inherently suffer from some level of mistakes -many of a security concern. That is why that 1960s/1970s MULTICS research set up an architecture that could offer some form of "insurance" against those problems, e.g. unhandled buffer overflow, executing "data" and so on. The REAL problem is that that MULTICS style vital "layering" of system design, inherent later in the Intel x86 CPUs in every PC, was ignored by an industry that had no form of safety and security control, legislation or industry security policy at the government/political level.
Today we need a new generation of base hardwarre and operating system/middleware software and firmware systems to cater for this reality - and we are getting it - with SELinux, Open Solaris 10 with Trust Extensions ( and the newer "Flexible Mandatory Access Conrtol (FMAC)" technology. BUT.. it is going to need government and public sector leadership - just like how the Internet started - in getting those secure systems and software development systems into the marketplace....Yes, government purchasing policy that REQUIRES such enhanced security systems for its systems.