Comments on: Best language for secure healthcare applications

By: Administrator

Administrator — Mon, 27 Feb 2006 14:22:20 +0000

Hunscher — great comment! You made my points better than I did . I couldn’t agree with you more.

By: Hunscher

Hunscher — Mon, 27 Feb 2006 14:05:31 +0000

I agree with the post about the need for “good developers”, but I think that needs clarification, by way of expanding on Administrator’s comment above. Many programmers/software engineers have no real understanding of what kinds of programming practices create security holes. Most are subtle errors, and of little interest to developers since they usually require attention to details that do not add to the feature set in any visible way, and no challenging algorithmic problems are involved.

In my domain, clinical research informatics, HIPAA is another area where developers commonly have misconceptions, especially with respect to creating deidentified and limited data sets. The rules are arcane and even less interesting to programmers than security.

Developers who have this level of knowledge are hard to find, and when you encounter them they usually have the level of experiential wisdom that transcends any given programming language or environment. Give them well-defined requirements and definition of applicable constraints, and you will get a secure system.

By: Administrator

Administrator — Fri, 24 Feb 2006 13:42:19 +0000

Agreed — but, those issues in the .NET VM and frameworks wouldn’t affect the design and architecture of the higher level software where most quality and security errors are introduced.

By: arman

arman — Fri, 24 Feb 2006 03:20:43 +0000

Hi,
There were some serious issues with trust in .net. I beleive some of them have been fixed in version 2.0. The sandbox in Java is yet to have such issues with trust models