The SolarWinds attack should have been caught by Traffic Analysis at the firewalls of the user organizations. The failure to detect this points to severe incompetence and a lack of thorough work attitude. It seems the cunning opponents fooled the firewall guardians by using an almost-correct name for their C&C server.

Competent firewall guardians must be capable Perl programmers, or they will be overwhelmed by the massive log files generated every single day.

And a single kernel exploit will hand the system to the attacker,

seL4 is just 17kloc and PROVEN memory safe.

An exploit in a subsystem will pwn only the subsystem(say TCP stack), not the entire machine

https://fgw.ddnss.de/L4gegenue...

Now if we combine this with memory safe languages, actually secure computers could emerge.

Your "secret" OS, probably riddled with C-based exploits, would be acquired by opposing nations in a matter of months.

Don't take my word, just check Migs and Mils they have on U.S. testing ranges.

Paying off the Vikings only made them more hungry next time.

Unfortunately SD adds a dot to the URLs. Please remove and press reload.

seL4

Strong Typing

Sandboxing

Memory Safe Languages

Strict Input Parsing/Scanning

Formally specified data structures

Complete requirements documents

Complete Unit Testing

Fuzz Testing

K.I.S.S.

But it now seems the most vulnerable nation is America herself. So, who benefits most from these halfbaked Unix and Windows Systems ???

Some really cunning people have convinced millions of applied computer scientists that kernels must be written in C. A single exploit will pwn the entire machine. Despite the fact that we had much better ALGOL-based mainframes with bounds checking, typed/tagged memory and so on.

We first need a serious talk about this problem before we talk about professional standards. When/If this will be fixed, we can talk about mandating a CS degree for any security critical work. No more shoddy data structure parsers, for example.

Just because the Windows and Linux kernels are hopless affairs, does not mean secure computers are impossible.
If you are interested, read my other post on this page and have a look at this:

https://fgw.ddnss.de/L4gegenue... (please excuse the outdated cert, will fix this in the coming days)

https://de.wikipedia.org/wiki/...

http://sappeur.ddnss.de/

http://sappeur.ddnss.de/SAPPEU...

There have also been projects by Microsoft Research on memory safe kernels and there were(are?) the ALGOL Mainfames from ICL, Unisys and MCST. Unix+C (and Windows+C) is an unfortunate line of insecure software engineering. They must be retired to achieve substantially better security.

The lack of Memory Safety is indeed the most important cause of cybernetic exploits. About 70% of the CVE database entries are related to buffer overflows, use after free, double frees and so on. Even experienced software engineers will have some bugs in their programs and the language should do its best to limit the damage from that.

It is time to stop using C and C++ for systems programming, which will eliminate said 70% of CVE issues. Even operating systems can largely be built using memory safe program code. Only tiny parts of an OS need to be unsafe code (e.g. saving registers for a context switch, setting driver registers etc).

I have not yet written an OS, but "only" a web/app server in an efficient memory safe language: http://gauss.ddnss.de./ It can run on tiny machines, unlike Tomcat. No need for GC freeze, either.

The language and its compiler can be found here: http://sappeur.ddnss.de./ It is basically a memory safe variant of C++. A bit rough, but already usable for medium sized projects.

It is time to get rid of handcoded/unverified C and C++ code, or face even worse damage in the coming years !

Dipl. Ing.(BA) Frank Gerlach
Stuttgart
Germany