1148
David Dill, Professor of Computer Science @ Stanford, moderator. Steve Lipner, Microsoft. Matt Blaze, AT&T.
Matt Blaze: Antibiotics helped head off the problem of corpse disposal. Similarly, good secure programming practices can help head off the problem of intrusion recovery. However, just as we don't completely understand physics, or biology, or other aspects of life, we don't yet completely understand computer code. We cannot simply look at a piece of code and know every possible outcome of the use of that code - context is key, and context varies wildly. Also, the scientific method pays little heed to reputation or stature of the author of a particular hypothesis or assertion. Rather, the scientific method relies heavily on testing, peer review, and constant questioning of everything. [paraphrased]
[GF: The implication I draw from this is that computer and network security could benefit from software undergoing aspects of the scientific method, such as peer review. I agree completely.]
Quoted from Alfred Hobbs, a well-known historical figure from the 1850s whose research and successful defeat of various "strong" lock mechanisms created a lot of controversy and has valuable lessons for us today.
Steve Lipner: Feels that we all owe a debt to Rainforest Puppy, because he articulated the concept that researchers should contact the developer/publisher about security problems first, prior to public disclosure. Points out that software development practices can be incredibly complex, due to (for example) localizations. Prefers that finders not release exploit code at all, but barring that prefers that finders at least wait to release exploit code.
David Dill:
Matt: Absolutely, Microsoft (and other vendors) do not desire to release software which has security bugs. However, cost-benefit analyses come into play. [paraphrased]
Audience: What alternative to proof-of-concept code could allow customers to conduct thorough testing of patches which claim to solve a particular problem?
Steve Lipner: Many more people are harmed by the release of exploit code than benefit from using it for responsible testing. [summarized]
Matt Blaze: If I think of a clever idea (e.g. exploit), chances are good that someone else has too.