Security Basics mailing list archives
Examples of lost security when integrating (secure) SW
From: Magnus Therning <magnus-work () therning org>
Date: Tue, 8 Jun 2004 14:11:48 +0200
I just had a discussion with my colleagues regarding problems with security in larger systems that are composed by combining modules/components that individually are secure. Both my gut and sources I have consulted says this is the case. However, I haven't been able to find any examples of when this has happened! Bruce Schneier spends a few pages in Secrets & Lies on the subject, without offering any examples of what can happen. I seem to remember some talk on a conference (was it Usenix?) a few years ago__I never attended it but I read the abstract of the papers/talks--where a talk on security mentioned a case where the combination of two security features effectively cancelled each other. Can anyone offer any more concrete examples, ideally not only academic ones? /M -- Magnus Therning mailto:therning () sourceforge natlab research philips com +31-40-2745179 http://pww.innersource.philips.com/magnus/ OpenPGP:0x4FBB2C40 X-Windows: ...It could be worse, but it'll take time.
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Examples of lost security when integrating (secure) SW Magnus Therning (Jun 08)