Secure Coding mailing list archives

"Bumper sticker" definition of secure software


From: Kevin.Wall at qwest.com (Wall, Kevin)
Date: Mon, 17 Jul 2006 08:16:46 -0500

Crispin Cowan writes...

IMHO, bumper sticker slogans are necessarily short and glib. 
There isn't room to put in all the qualifications and caveats
to make it a perfectly precise statement. As such, mincing
words over it is a futile exercise.

Or you could just print a technical paper on a bumper 
sticker, in really small font :)

Actually, I like that idea. And it could end with the cliche:
        "If you can read this, you are too close."

Seriously, while I understand that there may be a reason to have
a bumper-sticker-like catch phrase for the definition of "secure",
I think that in the long run, it is more likely to backfire.

I have already reviewed an untold number of security "requirements"
that said "The system shall be secure". Having some bumper-sticker
slogan that we all use would only allow those yo-yos to justify
their "requirements", at least if it reflects anything regarding
an actual definition of security such as Ivan's comment that Crispin
posted.

With that in mind, maybe it would be less "dangerous" to use something
more pithy or sardonic, but less to the point of an actual definition.

    Security: Pay me now, or I'll pay myself later.

Of course that would only be appropriate for black or grey hats. ;-)

-kevin
---
Kevin W. Wall           Qwest Information Technology, Inc.
Kevin.Wall at qwest.com Phone: 614.215.4788
"The reason you have people breaking into your software all 
over the place is because your software sucks..."
 -- Former whitehouse cybersecurity advisor, Richard Clarke,
    at eWeek Security Summit

