Frama-C Robert Graham, of the blog Errata Security, predicts that “vulnerabilities in Acrobat Reader Adobe Flash and Java today […] will be announced and patched in 2013”. As fate would have it he could safely have included Internet Explorer 8 in his list of software products used by millions to process...
Read MoreIn a blog post earlier this year, John Regehr wonders when software verification will finally matter. He means “formal verification”, I am pretty sure. “Verification” is what practitioners of, say, the software development V-cycle have been doing for decades, and it has kept us safe for that long—at least, when...
Read MoreBruce Schneier is, among other things, the author of the blog Schneier on Security. He is also one of the co-authors of the Skein cryptographic hash function the SHA-3 contestant being verified in Frama-C's value analysis tutorial in the manual and then on this blog. I feel silly introducing him...
Read MoreToday, the New York Times has an homage to Peter G. Neumann. Many people cite Albert Einstein’s aphorism “Everything should be made as simple as possible but no simpler.” Only a handful however have had the opportunity to discuss the concept with the physicist over breakfast. One of those is...
Read MoreOctober is National Cyber Security Awareness Month (if you are in the United States; otherwise it is Another Country's Cyber Security Awareness Month). In celebration here is a short list of recent cyber-security failures: An iPhone user navigating to a malicious webpage can see eir personal information (address book browsing...
Read More