Recently I was in a position where I needed to propose and defend theĪddition of “hardening” options to a networked embedded product. One interesting technique forĮither reducing the impact of vulnerabilities or stopping them fromīeing exploitable is to “harden” a program by instrumenting the resultingīinaries to check for issues at runtime. As security isĪn emergent property in a system, demonstrating that a system is free of Is hard, and proving that there are no bugs is even harder. Unless a system is trivial, it contains bugs. Horsepower, that cost may be reduced performance. Relate to an increased development effort or increased cost to a product.įor an embedded system, where devices may have reduced memory or CPU Nothing is free, and each technique includes trade-offs. Product should have fewer vulnerabilities, and those that exist should have Is perfect, but when combined together the expectation is that the resulting Informed by potential threats to secure development practices. Examples include creating an architecture There areĪ number of techniques available for helping one develop software which It can be even more difficult to write software which is secure. Writing “good” software, for whatever definition of good you pick, is not easy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |