
[CT22] OWG on Programming Language Vulnerabilities

From: Alan Burlison
Date: March 28, 2006 23:26
Subject: [CT22] OWG on Programming Language Vulnerabilities
Message ID: 442A365D.6040404@sun.com

Picked this up internally, dunno if anyone has already seen it...

-- 
Alan Burlison
--

-------- Forwarded Message --------
*From*: Moore, Jim <moorej@mitre.org>
*To*: ct22@lists.itic.org
*Subject*: [CT22] OWG on Programming Language Vulnerabilities
*Date*: Tue, 28 Mar 2006 15:00:26 -0500

(CT22 Participants - Please circulate this note among CT22 and the 
various TAGs and other organizations related to it. Thanks - Jim)

JTC 1/SC 22 has created a new project to deal with the subject of 
vulnerabilities in programming languages. The basic technical concept is 
that all programming languages contain features that are poorly 
specified, difficult to use correctly, or dependent upon particular 
implementations. In some cases, these features cause software codes to 
become vulnerable to malicious parties. The intent of the project is to 
create guidance on dealing with these problems. In some cases, the 
guidance will be generic across languages; in other cases the guidance 
will be specific to languages. For further information, I have attached 
the approved NP.

The project is being implemented in an unusual manner. SC22 has created 
an OWG ("Other Working Group") on Vulnerabilities. This group is 
convened by me, Jim Moore, and the co-convener is John Benito. I'm the 
convener of WG9 (Ada) and John is the convener of WG14 (C); so we cover 
a wide range of programming language design. It is our intent to enlist 
experts from other working groups so that we can further broaden the 
range of expertise. We also have permission to enlist experts from 
non-ISO languages, like Java. Finally, of course, we need participants 
from national bodies.

The purpose of this note is to encourage US participation. Because an 
OWG is not-quite-a-working-group, I believe that the arrangements to 
participate in it are somewhat informal. I've told potential 
participants that they should join ANY NB shadow organization for a 
programming language. In the case of the US, persons who are interested 
in participating should contact me or John as well as Rex.

Thanks very much.

Regards, Jim Moore
---
James W. Moore, *CSDP, F-IEEE*
The MITRE Corporation
7515 Colshire Drive, H505, McLean, VA 22102-7508
Office: +1.703.983.7396 Fax: +1.703.983.1279 Cell: +1.301.938.0260
Email for MITRE use: moorej@mitre.org. Email for everyone else: 
James.W.Moore@ieee.org


