This month Peter turns a jaundiced eye towards the sorry state of software development. Specifically: what are the flaws that cause the industry to turn out program after program with security holes? What are companies like Sun doing to correct the problem, and what should they be doing? The answer: Peter's own Software Development Security Design Methodology.
This paper explores the problem of protecting a site on the Internet against hostile external Java applets while allowing trusted internal applets to run. With careful implementation, a site can be made resistant to current Java security weaknesses as well as to those yet to be discovered. In addition, we describe a new attack on certain sophisticated firewalls that is most effectively realized as a Java applet.
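The abstract does not say how the site is protected, so the following is an added illustration of the general idea, not the paper's own design: an applet-blocking filter that an HTTP proxy at the site boundary could apply to responses, refusing Java class files (recognised by their 0xCAFEBABE magic) and stripping applet tags unless they originate from an allowlisted internal host. The proxy hook `filter_response`, the `TRUSTED_HOSTS` allowlist, the host names and the sample page are all constructed for this example.

```python
"""Boundary-proxy applet filter (illustrative, not the paper's mechanism)."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

JAVA_CLASS_MAGIC = b"\xca\xfe\xba\xbe"      # first four bytes of every Java .class file
APPLET_TAGS = {"applet", "object", "embed"}  # tags a browser of the era used to load applets
TRUSTED_HOSTS = {"intranet.example.com"}     # assumed allowlist of internal applet sources


def is_trusted(url: str) -> bool:
    """True if the URL's host is an allowlisted internal applet source."""
    host = urlsplit(url).hostname
    return host is not None and host.lower() in TRUSTED_HOSTS


def is_java_class(body: bytes) -> bool:
    """Detect a class file by magic number, regardless of Content-Type or extension."""
    return body[:4] == JAVA_CLASS_MAGIC


class AppletFilter(HTMLParser):
    """Copies HTML through, dropping applet tags (and their contents) from untrusted origins."""

    def __init__(self, page_url: str):
        super().__init__(convert_charrefs=False)
        self.page_url = page_url
        self.parts = []          # output fragments
        self.blocked = 0         # number of applet tags removed
        self._skipping = None    # name of the tag whose body is being dropped, if any

    def _origin(self, attrs) -> str:
        # An applet is loaded from its codebase, resolved relative to the page's own URL.
        return urljoin(self.page_url, dict(attrs).get("codebase") or "")

    def handle_starttag(self, tag, attrs):
        if self._skipping:
            return                                      # <param> etc. inside a blocked applet
        if tag in APPLET_TAGS and not is_trusted(self._origin(attrs)):
            self._skipping = tag
            self.blocked += 1
            self.parts.append("<!-- applet removed by proxy -->")
            return
        self.parts.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        if self._skipping:
            return
        if tag in APPLET_TAGS and not is_trusted(self._origin(attrs)):
            self.blocked += 1
            self.parts.append("<!-- applet removed by proxy -->")
            return
        self.parts.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        if self._skipping:
            if tag == self._skipping:
                self._skipping = None
            return
        self.parts.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skipping:
            self.parts.append(data)

    # Pass the remaining markup through unchanged.
    def handle_entityref(self, name):
        if not self._skipping:
            self.parts.append(f"&{name};")

    def handle_charref(self, name):
        if not self._skipping:
            self.parts.append(f"&#{name};")

    def handle_comment(self, data):
        self.parts.append(f"<!--{data}-->")

    def handle_decl(self, decl):
        self.parts.append(f"<!{decl}>")

    def handle_pi(self, data):
        self.parts.append(f"<?{data}>")


def filter_response(url: str, content_type: str, body: bytes):
    """Hypothetical proxy hook: returns (filtered_body, number_of_blocked_applets)."""
    if is_java_class(body) and not is_trusted(url):
        return b"", 1                                   # drop the class file outright
    if content_type.lower().startswith("text/html"):
        parser = AppletFilter(url)
        parser.feed(body.decode("utf-8", "replace"))
        parser.close()
        return "".join(parser.parts).encode("utf-8"), parser.blocked
    return body, 0
```

Two caveats a practitioner would add: checking the magic number catches class files served under any name or Content-Type, but only on HTTP passing through this proxy, so other channels (FTP, mail attachments, encrypted sessions) need their own treatment; and HTML rewriting is only as good as the parser's agreement with the browser's, which is exactly why the abstract stresses careful implementation.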
The conventional classification of software fault detection techniques as static or dynamic analysis is inadequate as a basis for identifying useful relationships between techniques. A more useful distinction is between techniques that sample the space of possible executions and techniques that fold that space. The new distinction provides better insight into the ways different techniques can interact, and is a basis for considering hybrid fault detection techniques, including combinations of testing and formal verification.
The programming language C has been in widespread use since the early 1970s, and it is probably the language most widely used by computer science professionals. The goal of this paper is to argue that it is time to retire C in favour of a more modern language. The choice of a programming language is often an emotional issue that is not the subject of rational discussion. Nevertheless, it is hoped to show here that there are good objective reasons why C is not a good choice for large programming projects. These reasons relate primarily to software readability and programmer productivity.