[cap-talk] POLA focus seen as counter productive
James A. Donald
jamesd at echeque.com
Fri Jun 15 20:58:55 EDT 2007
James A. Donald wrote:
>> There is an urgent need (needs where people will pay
>> money for solutions that actually work) client side for
>> an environment in which highly untrusted code - code
>> within emails and web pages - may run.
>>
>> There is also an urgent need, server side, for a safe
>> environment in which to run code that comes under severe
>> attack...
Jonathan S. Shapiro wrote:
> I agree with both of those points. None of us seem to be building that,
> because it is unlikely that we *can*. The need is urgent, but you are
> effectively asking to retrofit defensibility onto systems that weren't
> designed for it.
If something runs inside a VM, it does not matter how indefensible the
system is outside the VM.
More information about the cap-talk
mailing list