My friend Nathan Spande has a new Dark Reading column up: a short introduction to Swift.
Swift is yet another entry in the "augment the language for security" contest. The goal here, though, seems too narrow to me. They concentrate on making the client-side/server-side split of application data secure. Yet it seems (in my semi-informed opinion) that most of the high-profile security breaches we hear about, such as the recent exposure of private Facebook pictures, do not arise from this class of error.
I think their paper would be significantly improved by the inclusion of one or two examples from real life that their approach would solve. If we view the problem they're solving not as "making web applications more secure" but as "automatically improving the performance of web applications via secure client-side code" then the story is more compelling. (It does seem, after I skimmed the paper, that their framework can address "user-private" data such as the Facebook problem; they give an example of a "Secret Keeper" application that shows a secret only to an authenticated user.)
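To make the class of error concrete, here is a small illustration of the "Secret Keeper" scenario. It is an added example written for this post, not code from the Swift paper or its framework: a secret is first placed on the wrong side of the client/server split (shipped to the browser and hidden only by a client-side check), then kept on the server side where release depends on the server's own session state rather than anything the client claims. All names, the session-token mechanism and the secret value are constructed for the example.

```python
"""Client/server partitioning of a secret: insecure vs. secure placement.

Constructed illustration (not the Swift paper's code). The secret value,
session tokens and request shapes below are all made up for the example.
"""
from typing import Dict, Optional

SECRET = "constructed-secret-value"  # constructed sample data


# --- Insecure partition -------------------------------------------------
# The page bundle sent to every browser contains the secret itself; the
# only thing standing between a visitor and the secret is a check that
# runs inside the visitor's own browser.

def insecure_client_bundle() -> Dict[str, str]:
    """Everything the browser receives when the page loads."""
    return {
        "script": "if (session.authenticated) { reveal(secret); }",
        "secret": SECRET,  # present whether or not anyone is logged in
    }


def secret_exposed_to_client(bundle: Dict[str, str]) -> bool:
    """Anyone who can read the page source can read the secret."""
    return "secret" in bundle


# --- Secure partition ---------------------------------------------------
# The secret never leaves the server unless the server's own session
# store says the requester is authenticated. Claims in the request body
# ("authenticated": True) are ignored; only server-side state counts.

class SecretKeeperServer:
    def __init__(self) -> None:
        # token -> user name; populated only by a successful login
        self._sessions: Dict[str, str] = {}

    def login(self, token: str, user: str) -> None:
        """Record a server-side session (credential checking elided)."""
        self._sessions[token] = user

    def handle_request(self, token: Optional[str],
                       body: Optional[dict] = None) -> dict:
        """Release the secret only to a server-recognised session.

        `body` is whatever the client sent; it is deliberately unused for
        the authorization decision.
        """
        user = self._sessions.get(token) if token else None
        if user is None:
            # No secret in the response, regardless of what `body` asserts.
            return {"status": 401, "secret": None}
        return {"status": 200, "secret": SECRET}


def client_bundle_for(server: SecretKeeperServer, token: Optional[str]) -> dict:
    """The page the browser receives: code only, no embedded secret."""
    return {"script": "fetch('/secret').then(reveal)", "token": token}


if __name__ == "__main__":
    print("insecure bundle leaks secret:",
          secret_exposed_to_client(insecure_client_bundle()))
    srv = SecretKeeperServer()
    print("anonymous:", srv.handle_request(None))
    print("forged claim:", srv.handle_request("guess", {"authenticated": True}))
    srv.login("tok-1", "alice")
    print("logged in:", srv.handle_request("tok-1"))
```

The point of the second half is where the check runs, not how strong it is: a client-side gate over data the client already holds is no gate at all, while a server-side gate over server-held data cannot be bypassed by editing the request. That placement decision is what a tool like Swift is meant to get right automatically.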