Dramatically Reducing Software Vulnerabilities [pdf]

77 points by neiesc, over 8 years ago

6 comments

Animats, over 8 years ago
Those are the usual answers. But they're too broad.

A good way to look at the problem is that trusted software needs to be far less vulnerable, and untrusted software needs to be kept in a cage where it can't make trouble.

On the untrusted side, all games, for example, should be caged or sandboxed. (Yes, this breaks some intrusive anti-cheat mechanisms. Tough.) Applications on phone-type platforms should have far fewer privileges. (Yes, that breaks some ad networks. Tough.)

Until somebody with enough power to make it stick takes a hard-ass position and sets standards, there's not going to be progress. It would be progress if AT&T or Comcast or Verizon deployed secure routers, for example.
tyingq, over 8 years ago
Fairly in-depth. I'm surprised though, at the generally positive tone around containers/docker. No mention of the current widespread practice of containers running as root. Nothing about the relative lack of protection against local kernel exploits escaping the container, etc.

Was expecting something a little more balanced on the topic.
ctz, over 8 years ago
I don't really understand why this doesn't cover memory safety.
PaulHoule, over 8 years ago
It seems like I am seeing something about SAT solvers almost every day now.
gravypod, over 8 years ago
Some of these are great, some of these are OK, and some of these are horrible ideas. I wish instead of "studies" we did RFCs.
godmodus, over 8 years ago
"A weakness is an undesired characteristic of a system’s requirements, design or implementation [Black11a]. This definition excludes:

* ...

* insider malfeasance, such as exfiltration by Edward Snowden"

Heh.