Secure Coding mailing list archives

"Bumper sticker" definition of secure software


From: crispin at novell.com (Crispin Cowan)
Date: Sun, 23 Jul 2006 10:18:43 -0700

mikeiscool wrote:
> On 7/21/06, Florian Weimer <fw at deneb.enyo.de> wrote:
>> Secure software costs more, requires more user training, and fails in
>> hard-to-understand patterns.  If you really need it, you lose.
>
> Really secure software should require _less_ user training, not more.
That depends.

If "really secure" means "free of defects", then yes, it should be
easier to use, because it will have fewer surprising quirks.

However, since there is so little defect-free software, most often a
"really secure" system is one with lots of belt-and-suspenders access
controls and authentication checks all over the place. "Security" is the
business of saying "no" to the bad guys, so it necessarily involves
saying "no" if you don't have all your ducks in a row.

As a result, really secure systems tend to require lots of user training
and are a hassle to use because they require permission all the time.
Imagine if every door in your house was spring loaded and closed itself
after you went through. And locked itself. And you had to use a key to
open it each time. And each door had a different key. That would be
really secure, but it would also not be very convenient.

Crispin

-- 
Crispin Cowan, Ph.D.                      http://crispincowan.com/~crispin/
Director of Software Engineering, Novell  http://novell.com
     Hack: adroit engineering solution to an unanticipated problem
     Hacker: one who is adroit at pounding round pegs into square holes