"Bumper sticker" definition of secure software

[pmeunier at cerias.purdue.edu (Pascal Meunier)]

I prefer to define the opposite:

"Insecure Software is like a joke,
Except others laugh at you"

I like it because:
-it captures the notion that vulnerabilities, just like jokes, are very
often made apparent by thinking in a different context from the software's
designers (the straight man).

-It conveys the notion that insecure software is shoddy;

-It conveys the notion that there are people who will find out that you run
insecure software;

-It may motivate some people to care about security by invoking social
stigma ;)


Cheers,
Pascal Meunier
Purdue University CERIAS



On 7/15/06 3:27 PM, "Goertzel Karen" <goertzel_karen at bah.com> wrote:

> I've been struggling for a while to synthesise a definition of secure software
> that is short and sweet, yet accurate and comprehensive. Here's what I've come
> up with:
>
> Secure software is software that remains dependable despite efforts to
> compromise its dependability.
>
> Agree? Disagree?
>
> --
> Karen Mercedes Goertzel, CISSP
> Booz Allen Hamilton
> 703-902-6981
> goertzel_karen at bah.com
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L at securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php