[cap-talk] Union of runtimes (was: I Recant)

Tyler Close tyler.close at gmail.com
Fri Jan 19 11:38:00 CST 2007


On 1/18/07, Jonathan S. Shapiro <shap at eros-os.com> wrote:
> Tyler's response almost answers my question. The thing that is missing
> from his description is some rough calibration of the sizes of the
> efforts he has made. Tyler: can you calibrate these in terms of lines of
> code or number of statements?

A little north of 20k lines of code. A feasible effort for the lone programmer.

The real question is what impact does the defensive consistency
requirement have on programmer productivity, assuming no value is
placed on having secure code. I experienced a training period, in
which I repeatedly had to go back and redo my work because I realized
it did not meet the defensive consistency requirement. I am not making
those same mistakes now. I find I can get work done with the same
speed as before. Though, working in a language that was not designed
to support defensive consistency, Java, I cannot be sure there are not
more mistakes I have not discovered yet.

During development, I did one mini test of productivity. It took me
about 18 hrs of work to implement a non-validating XML parser that
turns a binary stream into a stream of SAX2 events. MarkM did a
mini-review of this code and did not report any security bugs. I don't
know how hard he looked, but I also think the code is correct.

Tyler

-- 
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/firefox/957/
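Added example, not from Tyler's message or the Waterken code base: the kind of Java mistake that breaks the defensive consistency requirement discussed above, shown beside the corrected form. Defensive consistency means an object keeps behaving correctly for its well-behaved clients even when some other client misbehaves. The class and method names (LeakyRegistry, ConsistentRegistry, add, addAll, names) are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Two registries holding a list of names. The first lets a single
 * misbehaving client corrupt the state that every other client relies
 * on; the second does not, because no reference to mutable internals
 * crosses the object boundary in either direction.
 */
public final class DefensiveConsistency {

    /** Not defensively consistent: internal mutable state escapes, and
     *  caller-owned mutable state is retained. */
    static final class LeakyRegistry {
        private List<String> names = new ArrayList<>();

        void add(String name) {
            names.add(name);
        }

        /** Keeps the caller's list; the caller can mutate it later. */
        void addAll(List<String> incoming) {
            names = incoming;
        }

        /** Hands out the internal list; any caller may now mutate it. */
        List<String> names() {
            return names;
        }
    }

    /** Defensively consistent: inputs are validated and copied on the
     *  way in, and only read-only snapshots go out. */
    static final class ConsistentRegistry {
        private final List<String> names = new ArrayList<>();

        void add(String name) {
            if (name == null) {
                throw new IllegalArgumentException("name is null");
            }
            names.add(name);
        }

        /** Copies the caller's list so later mutation by the caller
         *  cannot change this object's state. */
        void addAll(List<String> incoming) {
            for (String n : incoming) {
                add(n);   // reuses the per-element validation
            }
        }

        /** Returns a read-only copy; mutating it cannot affect this object. */
        List<String> names() {
            return Collections.unmodifiableList(new ArrayList<>(names));
        }
    }

    public static void main(String[] args) {
        LeakyRegistry leaky = new LeakyRegistry();
        leaky.add("alice");
        leaky.names().clear();              // one client erases everyone's data
        System.out.println("leaky registry size after clear: "
                + leaky.names().size());

        ConsistentRegistry ok = new ConsistentRegistry();
        List<String> mine = new ArrayList<>();
        mine.add("alice");
        ok.addAll(mine);
        mine.clear();                       // caller mutates its own list afterwards
        try {
            ok.names().clear();             // snapshot refuses mutation
        } catch (UnsupportedOperationException e) {
            System.out.println("snapshot is read-only");
        }
        System.out.println("consistent registry size: " + ok.names().size());
    }
}
```

The pattern generalises to any object that consumes an untrusted stream, such as the XML parser mentioned in the message: malformed input from one source must be rejected or isolated without leaving the parser in a state that breaks the next well-behaved caller.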
