Secure Coding mailing list archives
What is the size of this list?
From: neumann at csl.sri.com (Peter G. Neumann)
Date: Thu, 20 Aug 2009 15:50:21 PDT
Let me amplify what Matt Bishop has said. I tend to deal with TRUSTWORTHINESS, which encompasses security, reliability, survivability, human safety, and anything else that you have to trust whether you like it or not. Security is only one aspect of it. Long ago Butler Lampson wrote a paper pointing out that if it is not secure, it won't be reliable, and if it is not reliable, it is may not be secure. That was applied to access controls in hardware, but it is equally applied to SYSTEMS. Also, all of those trustworthiness properties tend to be emergent properties of the entire system/enterprise/whatever. Beware of folks who tell you their crypto algorithm (for example) is 100% secure, and ignore that fact that if it badly implemented or the keys are stored in an unsecure operating system, then all bets are off and 100% secure becomes 0% secure. end of soapbox, which some of you have heard from me before. Peter
Current thread:
- What is the size of this list?, (continued)
- What is the size of this list? Arian J. Evans (Aug 19)
- What is the size of this list? SC-L Reader Dave Aronson (Aug 19)
- What is the size of this list? Rafael Ruiz (Aug 19)
- What is the size of this list? Rob Floodeen (Aug 19)
- What is the size of this list? Matt Bishop (Aug 20)
- What is the size of this list? Goertzel, Karen [USA] (Aug 20)
- What is the size of this list? Matt Bishop (Aug 20)
- What is the size of this list? Rafael Ruiz (Aug 19)
- What is the size of this list? Martin Gilje Jaatun (Aug 20)
- What is the size of this list? Gary McGraw (Aug 20)
- What is the size of this list? Goertzel, Karen [USA] (Aug 20)
- What is the size of this list? Brad Andrews (Aug 21)
- What is the size of this list? Goertzel, Karen [USA] (Aug 21)
- What is the size of this list? Brad Andrews (Aug 21)