[cap-talk] What sustained interest in capabilities

Mark Miller erights at gmail.com
Wed Jan 7 22:34:51 EST 2009


On Wed, Jan 7, 2009 at 6:56 PM, David-Sarah Hopwood
<david.hopwood at industrial-designers.co.uk> wrote:
> Please don't misrepresent my argument. I was very clear that my
> objection was that this approach is insufficient in the long term --
> not that it is pointless, and not that it doesn't reduce short-term
> risk.

Indeed. To emphasize the distinction, I'd like to point out that
David-Sarah has invested substantial effort in, and made substantial
contributions to, efforts to secure JavaScript by external
verification (his own Jacaranda) and rewriting (his contributions to
Caja). If ever we needed an example of reducing risk by building a
thin layer of security on top of a heaping pile of chaotic unspecified
insecure expletive deleted, all of today's existing browsers provide a
better example than one could have hoped for. So clearly David-Sarah
agrees that such layering efforts are valuable.


-- 
Text by me above is hereby placed in the public domain

    Cheers,
    --MarkM

