Secure Coding mailing list archives

Economics of Software Vulnerabilities


From: crispin at novell.com (Crispin Cowan)
Date: Mon, 19 Mar 2007 14:47:08 -0600

Gary McGraw wrote:
> Very interesting.  Crispin is in the throes of big software.  Anybody
> want to help me mount a rescue campaign from Jamaica?

It is the art of managing upwards. To get my boss to do what I want him
to do, I have to encourage him, I can't just tell him. And his boss. And
his boss. And /his/ boss is the customer. So with a very long pole with
hinges in it, I have to try to get the customer to do what I want.

With that kind of interface to the customer, the only way to get the
customer to be more secure is to make being more secure the path of
least resistance. Make the secure way of doing things so easy that
anything else is just dumb, and the users will migrate to the secure way.

This is a highly unnatural thing to do. Security is the business of
saying "no" to access requests, and so is mostly viewed as being the
enemy of convenience.

However, it can be done. SSH did it; logging in to a remote host is
easier with SSH than with telnet or rlogin, because it lets you place
public keys (so you don't even have to type a password) and tunnels your
X11 stuff so that remote graphical stuff "just works".

All this is why ease of use was the #1 design goal of my AppArmor
product. Grey beards love to go around quoting the fable that you can't
add security to an existing system, you have to design it in. Well guess
what; you can't add ease of use to an existing system either, it has to
be designed in. And if you fail to provide for ease of use, then users
won't use it, at which point the security value of your solution drops
to zero.

Crispin

-- 
Crispin Cowan, Ph.D.               http://crispincowan.com/~crispin/
Director of Software Engineering   http://novell.com
AppArmor Training at CanSec West   http://cansecwest.com/dojoapparmor.html


