* US Government looking into memory safe programming @ 2023-09-24 22:28 ajdude 2023-09-25 7:52 ` Luke A. Guest 0 siblings, 1 reply; 8+ messages in thread From: ajdude @ 2023-09-24 22:28 UTC (permalink / raw) The US Government is requesting information on adoption of memory safe programming languages and open-source software security. They’re currently taking comments until October 9th. I think this is a good opportunity to help bring Ada back into the spotlight. https://www.federalregister.gov/documents/2023/08/10/2023-17239/request-for-information-on-open-source-software-security-areas-of-long-term-focus-and-prioritization AJ ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: US Government looking into memory safe programming 2023-09-24 22:28 US Government looking into memory safe programming ajdude @ 2023-09-25 7:52 ` Luke A. Guest 2023-09-25 9:59 ` Stéphane Rivière 0 siblings, 1 reply; 8+ messages in thread From: Luke A. Guest @ 2023-09-25 7:52 UTC (permalink / raw) On 24/09/2023 23:28, ajdude wrote: > The US Government is requesting information on adoption of memory safe > programming languages and open-source software security. They’re currently > taking comments until October 9th. I think this is a good opportunity to help > bring Ada back into the spotlight. > > https://www.federalregister.gov/documents/2023/08/10/2023-17239/request-for-information-on-open-source-software-security-areas-of-long-term-focus-and-prioritization History is repeating itself. How long before they relax the requirements and idiots say "we can use C again, yay!"? ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: US Government looking into memory safe programming 2023-09-25 7:52 ` Luke A. Guest @ 2023-09-25 9:59 ` Stéphane Rivière 2023-09-25 10:38 ` J-P. Rosen 0 siblings, 1 reply; 8+ messages in thread From: Stéphane Rivière @ 2023-09-25 9:59 UTC (permalink / raw) > History is repeating itself. +1 > How long before they relax the requirements > and idiots say "we can use C again, yay!"? By the time they discover Rust ? -- Stéphane Rivière Ile d'Oléron - France ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: US Government looking into memory safe programming 2023-09-25 9:59 ` Stéphane Rivière @ 2023-09-25 10:38 ` J-P. Rosen 2023-09-25 15:55 ` G.B. 2023-09-26 6:55 ` Stéphane Rivière 0 siblings, 2 replies; 8+ messages in thread From: J-P. Rosen @ 2023-09-25 10:38 UTC (permalink / raw) Le 25/09/2023 à 11:59, Stéphane Rivière a écrit : >> How long before they relax the requirements >> and idiots say "we can use C again, yay!"? > By the time they discover Rust ? Or when they realize that there is only one rust compiler, and therefore that a single compiler virus could ruin the whole defense system. -- J-P. Rosen Adalog 2 rue du Docteur Lombard, 92441 Issy-les-Moulineaux CEDEX https://www.adalog.fr https://www.adacontrol.fr ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: US Government looking into memory safe programming 2023-09-25 10:38 ` J-P. Rosen @ 2023-09-25 15:55 ` G.B. 2023-09-25 16:21 ` Luke A. Guest 2023-09-26 6:55 ` Stéphane Rivière 1 sibling, 1 reply; 8+ messages in thread From: G.B. @ 2023-09-25 15:55 UTC (permalink / raw) On 25.09.23 12:38, J-P. Rosen wrote: > Le 25/09/2023 à 11:59, Stéphane Rivière a écrit : >>> How long before they relax the requirements >>> and idiots say "we can use C again, yay!"? >> By the time they discover Rust ? > > Or when they realize that there is only one rust compiler, and therefore that a single compiler virus could ruin the whole defense system. > Maybe, given the emphasis on tools, verification and best practices, they might consider sub-languages, or profiles, of several existing languages. It's not like memory-safety cannot be made available in languages other than Rust, I should think? Though, it seems to me that Rust has so much better market-aware development strategies than any other language since C, outside Microsoft's or Apple's areas of sales. Also, I understand that Linux kernel development is steered towards Rust and LLVM. So, they have decided not to go back to the 80s, just pick some good bits and move on, possibly producing grust or crust while at it. In order to pick well from Ada and the concepts embodied in it, imagine what parts of Ada should be thrown out, ignoring commercial enterprises living off legacy business? What changes to Ada are a good fit while aiming at memory safety, verification support, or light weight and safe parallel execution? As you can see in [1], there is a suggestion to make money available to refactoring efforts. [1]: https://www.federalregister.gov/d/2023-17239/p-37 ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: US Government looking into memory safe programming 2023-09-25 15:55 ` G.B. @ 2023-09-25 16:21 ` Luke A. Guest 0 siblings, 0 replies; 8+ messages in thread From: Luke A. Guest @ 2023-09-25 16:21 UTC (permalink / raw) On 25/09/2023 16:55, G.B. wrote: > What changes to Ada are a good fit while aiming > at memory safety, verification support, > or light weight and safe parallel execution? I started thinking about that here https://github.com/Lucretia/orenda. ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: US Government looking into memory safe programming 2023-09-25 10:38 ` J-P. Rosen 2023-09-25 15:55 ` G.B. @ 2023-09-26 6:55 ` Stéphane Rivière 2023-09-26 11:23 ` Kevin Chadwick 1 sibling, 1 reply; 8+ messages in thread From: Stéphane Rivière @ 2023-09-26 6:55 UTC (permalink / raw) > Or when they realize that there is only one rust compiler, and therefore > that a single compiler virus could ruin the whole defense system. Good point ! Still some doubts about their ability to reason that far ;) -- Stéphane Rivière Ile d'Oléron - France ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: US Government looking into memory safe programming 2023-09-26 6:55 ` Stéphane Rivière @ 2023-09-26 11:23 ` Kevin Chadwick 0 siblings, 0 replies; 8+ messages in thread From: Kevin Chadwick @ 2023-09-26 11:23 UTC (permalink / raw) >> Or when they realize that there is only one rust compiler, and therefore >> that a single compiler virus could ruin the whole defense system. > >Good point ! > >Still some doubts about their ability to reason that far ;) Whilst I have in the past refused to use lattice semi conductor hardware due to a CDN preventing secure compiler verification, whilst apparently noone or few noticed. I assume you mean trojaned compiler code inserted upstream to disable protections or ignore unsafe code? Or do you mean utf-8 library code substitution aimed at a particular compiler? -- Regards, Kc ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2023-09-26 11:23 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2023-09-24 22:28 US Government looking into memory safe programming ajdude 2023-09-25 7:52 ` Luke A. Guest 2023-09-25 9:59 ` Stéphane Rivière 2023-09-25 10:38 ` J-P. Rosen 2023-09-25 15:55 ` G.B. 2023-09-25 16:21 ` Luke A. Guest 2023-09-26 6:55 ` Stéphane Rivière 2023-09-26 11:23 ` Kevin Chadwick
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox