Secure Coding mailing list archives
"Bumper sticker" definition of secure software
From: thesp0nge at gmail.com (Paolo Perego)
Date: Tue, 18 Jul 2006 16:32:12 +0200
Hi list, I'll introduce myself with a claim: "Software is like Titanic, pleople claim it was unsinkable. Securing is providing it power steering" thesp0nge On 7/18/06, Gadi Evron <ge at linuxbox.org> wrote:
On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote:Reliability is concerned only with accidental failures while securityhasto consider malicious attacks as well. The difference is in the intentofthe software user: benign or malicious. And for a bumper sticker, here is one for the pessimists: "Secure Software is a Myth" and another version for the skeptics: "Is Secure Software a Myth?" :)Again, this would speak only to a very small percentage of the population. You me, maybe 10K people around the world if we are generous.-rajeev On Mon, 17 Jul 2006, Peter G. Neumann wrote:You suggest: Secure software is software that remains dependable despite effortstocompromise its dependability. You need a bigger-picture view that encompasses trustworthiness and assurance. "Dependable systems are systems that remain dependable despite would-be compromises to their dependability." "Trustworthy systems are systems that are worthy of being trusted to satisfy their requirements (for security, reliability,survivability,safety, or whatever)." Security is generally too narrow by itself, because a system that is not reliable is not likely to be secure, especially when in unreliability mode! The principle of Keep It Simple is inherently unworkable with respecttosecurity. Security is inherently complex. Trustworthiness is broaderandeven more complex. But if you don't think about trustworthiness more broadly, what you get is not likely to be very secure. Forget the bumper sticker approach. _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc -http://krvw.com/mailman/listinfo/sc-lList charter available at -http://www.securecoding.org/list/charter.php_______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc -http://krvw.com/mailman/listinfo/sc-lList charter available at - http://www.securecoding.org/list/charter.php_______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
-- $>cd /pub $>more beer AngeL core developer: http://www.sikurezza.org/angel -------------- next part -------------- An HTML attachment was scrubbed... URL: http://krvw.com/pipermail/sc-l/attachments/20060718/9e775e27/attachment-0001.html
Current thread:
- "Bumper sticker" definition of secure software, (continued)
- "Bumper sticker" definition of secure software mikeiscool (Jul 23)
- "Bumper sticker" definition of secure software Andrew van der Stock (Jul 24)
- "Bumper sticker" definition of secure software Goertzel Karen (Jul 17)
- "Bumper sticker" definition of secure software Gadi Evron (Jul 17)
- "Bumper sticker" definition of secure software mikeiscool (Jul 17)
- "Bumper sticker" definition of secure software mark at markgraff.com (Jul 17)
- "Bumper sticker" definition of secure software Peter G. Neumann (Jul 17)
- "Bumper sticker" definition of secure software Gadi Evron (Jul 17)
- "Bumper sticker" definition of secure software Rajeev Gopalakrishna (Jul 17)
- "Bumper sticker" definition of secure software Gadi Evron (Jul 18)
- "Bumper sticker" definition of secure software Paolo Perego (Jul 18)
- "Bumper sticker" definition of secure software mikeiscool (Jul 24)