Page 74 - NO.153銀行家雜誌
P. 74
特別報導
Special Issue
不懂程式的人談到資安,都很容易想到 近年來出現了一些程式語言以相反的
演算法。演算法的確是計算機科學的核心; 理念設計,其中一個最近很紅,叫作R u s t。
是軟體公司徵才時要求的基本能力;而且演 在Rust的設計觀念中,最重要的一項就是防錯
算法和資安,在密碼學上也有很多重疊之 管理(Error Management),而要管理的「錯
處。但現實中的資安破口,大概都離演算法 誤」,其實就是那些不是寫給機器跑,而是
十萬八千里。 寫給設計師、其他部門的人,甚至終端使用
要了解這件事,我們可以看看程式語言 者看的註解字串。
在歷史上究竟如何發展。在計算機科學的演 光看這個例子應該就知道,軟體開發過
進中,安全變得越來越重要。在第一隻電腦 程中有很多問題都不只是程式問題,而是組
病毒出現的5年之後,Python在1991年問世。 織管理的問題。所以即使你完全不懂程式,
它的設計理念是「與其事先報備,不如事後 也不用對資安問題退避三舍,並且可以從這
道歉」(Better to ask for forgiveness than 些層面去檢查使用與管理軟體的方式會產生
permission),試圖解決C語言這類老舊程式 哪些安全漏洞。
語言既難用又不安全的問題。當然,在Python
越來越普及之後,這種設計理念的缺陷也越 認識你的入侵者
來越明顯,而且只要有點法律背景的人,大
概都可以一眼看出問題在哪裡。 大部分的程式錯誤,最多都只會拖慢程
methods with targets – i.e. phishing and personal time, as a reflecting of the gradually increasing
information protection. The various aspects of importance of security in computer science.
cybersecurity are so diverse that might almost Python – first released in 1991, only five
be better to abandon the term altogether and years after the creation of the first virus –
start from elsewhere. uses a design philosophy of “better to ask
Most non-specialists tend to assume that for forgiveness than permission.” To be clear,
cybersecurity is closely related to algorithms, the its approach was an innovation over older
central topic of computer science, and the most basic assembly-level languages like C, which are
competency software companies seek when hiring. neither safe nor user-friendly. Nevertheless, that
Indeed, there is a rich area of overlap between the two approach is becoming recognized as flawed for
in the field of cryptography, but problems of this nature an increasing range of applications, for reasons
are generally far removed from the everyday work of that should be obvious to anyone with a legal
system security. background.
To see why, it might be helpful to understand Rust, which has gained prominence in recent
the development of programming languages over years, is an example of a more modern language
74 台灣銀行家2022.9月號
1 5% JOEE