Secure Coding mailing list archives
"Bumper sticker" definition of secure software
From: michaelslists at gmail.com (mikeiscool)
Date: Tue, 25 Jul 2006 08:48:04 +1000
On 7/25/06, Dana Epp <dana at vulscan.com> wrote:
> But secure software is not a technology problem,
Yes it is.
> it's a business one. Focused on people.
This is part of the issue, not the whole issue.
> If smartcards were so great, why isn't every single computer in the world equipped with a reader?
The answer isn't that smart cards aren't great, it's that it's not a practical possibility. Maybe one day it will be.
> There will always be technology safeguards we can put in place to mitigate particular problems. But technology is not a panacea here.
*sigh* I never said it was. No one said it was.
> It is no different than "network security professionals" that deploy $30,000 firewalls to protect digital assets worth less than the computer they are on. (I once saw a huge Checkpoint firewall protecting an MP3 server. Talk about waste.) Those guys should be shot for ever making that recommendation. As should secure software engineers who think they can solve all problems with technology without considering all risks and impacts to the business.
All this is interesting but useless for this discussion. Nobody said you should try and solve all problems with technology without considering the impacts to the business. Please go back and read the original posts to find out what we were talking about before going off on a boring, totally unoriginal, rant, that everyone here is already intimately familiar with.
> Regards, Dana Epp
-- mic