[cap-talk] Midori in The Register
Jonathan S. Shapiro
shap at eros-os.com
Tue Aug 5 20:28:39 CDT 2008
On Wed, 2008-08-06 at 02:22 +0100, David-Sarah Hopwood wrote:
> In any case, I have not seen Microsoft make any specific claim along
> the lines of "managed code necessarily implies better security".
> At least, nothing beyond quite reasonable statements about benefits
> of memory safety and type safety in addressing certain classes of
> "programming mistakes that often lead to security holes", as [*]
> puts it.
I agree. But it would be completely fair and reasonable for MS to claim
that all managed code is type safe, and type safe code is a
*precondition* to security.
That is: managed code cannot guarantee security, but type-unsafe code
(which is not quite the same as unmanaged code) does guarantee the
absence of security.
shap
More information about the cap-talk
mailing list