From: Fabrice Le Fessant <Fabrice.Le_fessant@inria.fr>
To: Pierre-Etienne Meunier <pierreetienne.meunier@gmail.com>
Cc: oliver <oliver@first.in-berlin.de>, O Caml <caml-list@inria.fr>
Subject: Re: [Caml-list] French study on security and functional languages
Date: Mon, 27 May 2013 10:55:34 +0200 [thread overview]
Message-ID: <CAHvkLrPF-=dN3YwBJO6_1S0cARs7TMs0XOa7=nZ8v+fUku71GQ@mail.gmail.com> (raw)
In-Reply-To: <256988DB-E173-477E-ABBA-D590E3E08F42@gmail.com>
[-- Attachment #1: Type: text/plain, Size: 2596 bytes --]
Hi,
Some comments on this topic:
- LaFoSec is the second study funded by ANSSI (it was done by a consortium
of experts, among which many security experts and one of the main
developers of OCaml, so I would not take their recommendations
lightly, personally), the first one is JavaSec (
http://www.ssi.gouv.fr/fr/anssi/publications/publications-scientifiques/autres-publications/securite-et-langage-java.html),
so there is indeed a comparison between OCaml, other functional languages,
and imperative languages, showing that there are many more security
problems with Java than with OCaml.
- LaFoSec was started in 2010, which explains why it focuses on OCaml 3.12.
- If some observations seem obvious (for smart people that you are ;-) ), a
lot of them are much less obvious (the fact for example that you can
discover a secrete key using polymorphic comparisons without breaking the
type system). Also, they give an interesting set of arguments for pushing
OCaml instead of other programming languages, so for me, they are really
going in the good direction, it's a very good thing for the OCaml community.
- There is a document that was also written, but has not been published (it
was described at the last JFLA'2013 seminar, also in French), providing a
set of recommendations to improve OCaml for security applications. I don't
know why it was not published with the other ones, maybe because it would
become obsolete faster than the other ones.
--Fabrice
On Fri, May 24, 2013 at 7:45 PM, Pierre-Etienne Meunier <
pierreetienne.meunier@gmail.com> wrote:
> > Hahah :-)
> >
> > I would be happy to have an english version of this study...
> > my language skills are very delimited and french is not
> > in the small bag of languages I know.
> >
> > Possibly the crucial pages can be translated by some people?
>
> Legally in France, you can also ask financial details about this kind of
> crap. I did it, we will see the result.
>
> I can translate the most brilliant pages in english when I have some time,
> but I doubt you'll appreciate it as much as we, french taxpayers,
> far-from-tenured young french researchers ;-)
>
> Cheers…
> Pierre
> --
> Caml-list mailing list. Subscription management and archives:
> https://sympa.inria.fr/sympa/arc/caml-list
> Beginner's list: http://groups.yahoo.com/group/ocaml_beginners
> Bug reports: http://caml.inria.fr/bin/caml-bugs
>
--
Fabrice LE FESSANT
Chercheur en Informatique
INRIA Paris Rocquencourt -- OCamlPro
Programming Languages and Distributed Systems
[-- Attachment #2: Type: text/html, Size: 3694 bytes --]
next prev parent reply other threads:[~2013-05-27 8:55 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-24 7:02 David MENTRE
2013-05-24 7:55 ` Francois Berenger
2013-05-24 12:35 ` rixed
2013-05-24 14:43 ` oliver
2013-05-24 15:15 ` rixed
2013-05-27 1:18 ` Francois Berenger
2013-05-24 14:35 ` oliver
2013-05-24 14:59 ` Esther Baruk
2013-05-24 15:05 ` oliver
2013-05-24 15:18 ` David MENTRE
2013-05-24 15:36 ` Esther Baruk
2013-05-24 23:13 ` oliver
2013-05-26 14:14 ` Marek Kubica
2013-05-24 17:44 ` Pierre-Etienne Meunier
2013-05-27 8:55 ` Fabrice Le Fessant [this message]
2013-05-24 14:47 ` oliver
2013-05-24 15:02 ` Johan Grande
2013-05-24 12:41 ` Olivier Levillain
2013-05-24 12:46 ` Anil Madhavapeddy
2013-05-25 8:53 ` Olivier Levillain
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHvkLrPF-=dN3YwBJO6_1S0cARs7TMs0XOa7=nZ8v+fUku71GQ@mail.gmail.com' \
--to=fabrice.le_fessant@inria.fr \
--cc=caml-list@inria.fr \
--cc=oliver@first.in-berlin.de \
--cc=pierreetienne.meunier@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).