comp.lang.ada
* US Government looking into memory safe programming
From: ajdude @ 2023-09-24 22:28 UTC


The US Government is requesting information on adoption of memory safe
programming languages and open-source software security. They’re currently
taking comments until October 9th. I think this is a good opportunity to help
bring Ada back into the spotlight.

https://www.federalregister.gov/documents/2023/08/10/2023-17239/request-for-information-on-open-source-software-security-areas-of-long-term-focus-and-prioritization

AJ


* Re: US Government looking into memory safe programming
From: Luke A. Guest @ 2023-09-25  7:52 UTC


On 24/09/2023 23:28, ajdude wrote:
> The US Government is requesting information on adoption of memory safe
> programming languages and open-source software security. They’re currently
> taking comments until October 9th. I think this is a good opportunity to help
> bring Ada back into the spotlight.
> 
> https://www.federalregister.gov/documents/2023/08/10/2023-17239/request-for-information-on-open-source-software-security-areas-of-long-term-focus-and-prioritization

History is repeating itself. How long before they relax the requirements 
and idiots say "we can use C again, yay!"?


* Re: US Government looking into memory safe programming
From: Stéphane Rivière @ 2023-09-25  9:59 UTC


> History is repeating itself.

+1

> How long before they relax the requirements
> and idiots say "we can use C again, yay!"?

By the time they discover Rust?

-- 
Stéphane Rivière
Ile d'Oléron - France


* Re: US Government looking into memory safe programming
From: J-P. Rosen @ 2023-09-25 10:38 UTC


On 25/09/2023 at 11:59, Stéphane Rivière wrote:
>> How long before they relax the requirements
>> and idiots say "we can use C again, yay!"?
> By the time they discover Rust?

Or when they realize that there is only one Rust compiler, and therefore 
that a single compiler virus could ruin the whole defense system.

-- 
J-P. Rosen
Adalog
2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX
https://www.adalog.fr https://www.adacontrol.fr


* Re: US Government looking into memory safe programming
From: G.B. @ 2023-09-25 15:55 UTC


On 25.09.23 12:38, J-P. Rosen wrote:
> On 25/09/2023 at 11:59, Stéphane Rivière wrote:
>>> How long before they relax the requirements
>>> and idiots say "we can use C again, yay!"?
>> By the time they discover Rust?
> 
> Or when they realize that there is only one Rust compiler, and therefore that a single compiler virus could ruin the whole defense system.
> 

Maybe, given the emphasis on tools, verification and best
practices, they might consider sub-languages, or profiles,
of several existing languages.

It's not like memory-safety cannot be made available in
languages other than Rust, I should think? Though, it seems
to me that Rust has so much better market-aware development
strategies than any other language since C, outside Microsoft's
or Apple's areas of sales.

Also, I understand that Linux kernel development is
steered towards Rust and LLVM. So, they have decided
not to go back to the 80s, just pick some good bits
and move on, possibly producing grust or crust while
at it.

In order to pick well from Ada and the concepts embodied in it,
imagine what parts of Ada should be thrown out,
ignoring commercial enterprises living off legacy business?
What changes to Ada are a good fit while aiming
at memory safety, verification support,
or lightweight and safe parallel execution?

As you can see in [1], there is a suggestion to make money
available to refactoring efforts.

  [1]: https://www.federalregister.gov/d/2023-17239/p-37


* Re: US Government looking into memory safe programming
From: Luke A. Guest @ 2023-09-25 16:21 UTC


On 25/09/2023 16:55, G.B. wrote:

> What changes to Ada are a good fit while aiming
> at memory safety, verification support,
> or lightweight and safe parallel execution?

I started thinking about that here https://github.com/Lucretia/orenda.


* Re: US Government looking into memory safe programming
From: Stéphane Rivière @ 2023-09-26  6:55 UTC


> Or when they realize that there is only one Rust compiler, and therefore
> that a single compiler virus could ruin the whole defense system.

Good point!

Still some doubts about their ability to reason that far ;)

-- 
Stéphane Rivière
Ile d'Oléron - France


* Re: US Government looking into memory safe programming
From: Kevin Chadwick @ 2023-09-26 11:23 UTC



>> Or when they realize that there is only one Rust compiler, and therefore
>> that a single compiler virus could ruin the whole defense system.
>
>Good point!
>
>Still some doubts about their ability to reason that far ;)

Whilst I have in the past refused to use Lattice Semiconductor hardware due
 to a CDN preventing secure compiler verification, whilst apparently no one
 or few noticed.

I assume you mean trojaned compiler code inserted upstream to disable
 protections or ignore unsafe code?

Or do you mean UTF-8 library code substitution aimed at a particular
 compiler?

-- 
Regards, Kc
