Secure Coding mailing list archives

"Bumper sticker" definition of secure software


From: michaelslists at gmail.com (mikeiscool)
Date: Tue, 25 Jul 2006 08:48:04 +1000

On 7/25/06, Dana Epp <dana at vulscan.com> wrote:
> But secure software is not a technology problem,

Yes it is.

> it's a business one.
> Focused on people.

This is part of the issue, not the whole issue.

> If smartcards were so great, why isn't every single computer in the
> world equipped with a reader?

The answer isn't that smart cards aren't great, it's that it's not a
practical possibility. Maybe one day it will be.

> There will always be technology safeguards
> we can put in place to mitigate particular problems. But technology is
> not a panacea here.

*sigh* I never said it was. No one said it was.

> It is no different than "network security professionals" that deploy
> $30,000 firewalls to protect digital assets worth less than the computer
> they are on. (I once saw a huge Checkpoint firewall protecting an MP3
> server. Talk about waste.) Those guys should be shot for ever making
> that recommendation. As should secure software engineers who think they
> can solve all problems with technology without considering all risks and
> impacts to the business.

All this is interesting but useless for this discussion. Nobody said
you should try and solve all problems with technology without considering
the impacts to the business. Please go back and read the original
posts to find out what we were talking about before going off on a
boring, totally unoriginal, rant, that everyone here is already
intimately familiar with.

> Regards,
> Dana Epp

-- mic

