Archive for the ‘Uncategorized’ Category

Sergey Bratus on Learning from Hackers

Wednesday, March 10th, 2010

I just saw Sergey Bratus’s talk at TROOPERS 10. He’s an interesting guy, and his talk was good. He’s a CS professor at Dartmouth, and he’s actually making an effort, on behalf of the academic community, to inject some genuine security clue into the education of CS students. He obviously has a tough topic to address, but he looks like he’s on the right track to me.

One thing he pointed out is that a lot of vulnerabilities over the years have actually resulted from the accidental creation of Turing-complete systems. (He has a nice Cthulhu slide making the point.)

It struck me that one goal of “secure programming” would be the avoidance of the creation of Turing-complete systems. It’s a crazy world when it’s harder to avoid the creation of such a system than it is to actually create one.

Anyway, Marsh and I are speaking in a couple of hours. If you’re here, come by and bring your rotten tomatoes!

Un-twittering my blog

Wednesday, March 10th, 2010

Sorry for all of the blog spam; I had experimented with the idea of auto-posting my tweets to my blog, on the theory that I rarely tweet, and it tended to be the same sort of thing I’d have posted here. Turns out that I tweet more often than I thought, and generally about pretty useless stuff. :-)

On the upside, at least three people complained about it in the last 12 hours, so obviously someone still reads my blog! Heh…

Fixed. Noted for future reference. Thanks.

Heidelberg-bound

Monday, March 8th, 2010

I’m getting ready to head out to Heidelberg, Germany with Marsh to attend TROOPERS10. Marsh and I are finally doing a more technical version of the TLS talk. It should be a great time!

If you’re going to be in the area (Heidelberg or northern Switzerland, where I’m flying in/out of), drop me a line!

Light Blue Touchpaper provides…

Friday, March 5th, 2010

Light Blue Touchpaper provides rigorous grounding for what we already knew: security questions suck. http://bit.ly/aIY8ZQ (via Rootsecure)

If you thought typing ‘https:/…

Friday, March 5th, 2010

If you thought typing ‘https://gmail.com’ into your browser was the safe way to get to GMail w/o sslstrip… you’d be wrong.

ShmooCon vids up! Once again, …

Friday, March 5th, 2010

ShmooCon vids up! Once again, sorry about the sweaters. :-) http://bit.ly/ahw0CW

Had much fun on the responsibl…

Wednesday, March 3rd, 2010

Had much fun on the responsible disclosure panel. Thanks @mckeay and @hdmoore, @k3em0, @bradarkin, Michael and Tim for a fun conv.

This trend can’t possibly last…

Wednesday, March 3rd, 2010

This trend can’t possibly last: http://bit.ly/a6Pf7P #PhoneFactor would have stopped this.

After a year of absolute calm…

Wednesday, March 3rd, 2010

After a year of absolute calm, finally started getting tons of bogus ssh attempts this week to one of my vps boxes. Wonder what happened…

RT @EchoChief: HIMSS Coverage:…

Wednesday, March 3rd, 2010

RT @EchoChief: HIMSS Coverage: Steve Dispensa, CTO & Co-Founder PhoneFactor http://bit.ly/cSEY9J <-- Um, uh, um… note to self: coffee!