Date: Thu, 23 Jul 1998 23:36:47 -0500 (CDT)
From: "Lee Crites (ASC)"
To: Brett Glass
cc: Andrew Kenneth Milton, security@FreeBSD.ORG
Subject: Re: Translation to a safer language (Was: Projects to improve security)
In-Reply-To: <199807221459.IAA04129@lariat.lariat.org>

On Wed, 22 Jul 1998, Brett Glass wrote:

=>>The only way to prevent bad code is to audit and test.
=>
=>It'd be nice if even *that* worked. I've developed a renewed interest
=>in mechanical verification.

There is this guy named Michael Fagan who is going about teaching what he calls Fagan Inspections. It sounds okay on the surface, but there is nothing magical about it. Faganized code *should* have fewer defects in it -- any code you and three friends spend 40% of your time inspecting had darn well better have fewer defects!

Actually, I said that backwards -- 40% of your coding man hours will be in inspections. If you had a 60 man hour project, then it would be 100 man hours including the inspections.

There are a lot of stats showing a real defect reduction by Faganizing your code (and documents -- they both work). Motorola, for instance, swears by them. (...we are still at the stage of swearing *at* them...)

It *is* possible for an inspection process to work. It just takes more time, effort, and discipline than most organizations can handle.

Lee

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Lee Crites
Adonai Services Company, Round Rock, Texas
leec@adonai.net    http://www.adonai.net/~leec
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=