Whenever considering applications that rely on generative AI, I believe we always need to ask if we can trust it. And given the technology’s track record it’s hard to imagine how we are going to honestly be able to say “100%” any time soon. That’s why, for the time being, I think the following guideline will be very important.
[Read More]The book Designing Secure Software: a guide for developers took nearly two years from finding a publisher to publication. These posts tell part of my experience developing the book and writing it. Writing a book is the ideal project for riding out a pandemic.
Better security discussions
I’ve been a fan of threat modeling for many years, but only recently seeing that it isn’t just behind-the-scenes work for software professionals to do. Threats and mitigations need to be part of any discussion about security. That is, news articles that urgently warn of the latest zero-day or when privacy advocates decry the latest outrage from the big platforms, to frame a good discussion requires outlining the threat model you are talking about.
[Read More]Running the “Reflections on Trusting Trust” Compiler
In the Afterword of my book I mention Ken Thompson’s classic “Trusting Trust” paper showing how to embed a backdoor into an OS by compiling the compiler such that the modification is invisible in source code.
[Read More]Japanese translation is on sale
8月18日、新刊『セキュアなソフトウェアの設計と開発』を発刊
The Japanese translation of my book goes on sale this week. This is particularly rewarding for me because I lived and worked there for about ten years and speak the language well enough to read the text (but nowhere near ability write at a publishable level of quality). I’m quoted in the press release, wrote a special preface (English version), and there’s an interview with the translators in the book (all in Japanese, obviously).
[Read More]On the Signature Reblocking Problem in Public Key Cryptosystems
In Chapter 5 of the book I write about my good fortunate meeting two of the RSA algorithm inventors at MIT, and collaborating with them. As soon as I had a chance to ready their (as yet unpublished) paper, the “reblocking problem” bothered me as a rather awkward implementation detail. This refers to a technical issue described in Section X (Avoiding “Reblocking” When Encrypting A Signed Message) of the foundational RSA paper that is described in a nutshell in the first sentence.
[Read More]Bard likes my book
I was surprised that Bard has read my book, or at least claims to have. Here’s our conversation about it, word for word: it’s a good overview.
[Read More]Polish translation is on sale
Wspaniale jest widzieć, że ukazało się polskie tłumaczenie mojej książki o bezpieczeństwie oprogramowania. (It’s great to see that the Polish translation of my book on software security is out. )
[Read More]