Secure Coding mailing list archives

What is the size of this list?


From: goertzel_karen at bah.com (Goertzel, Karen [USA])
Date: Thu, 20 Aug 2009 20:11:12 -0400

Interesting. My definition of "secure" for software is "dependable, trustworthy, and survivable (or, if you prefer, 
resilient)", i.e., 

(1) It's got to behave correctly and predictably; 

(2) It's got to behave non-maliciously and also not be subvertible (i.e., no weaknesses that can be exploited as 
vulnerabilities); 

(3) When it comes under attack, 1 & 2 need to hold true for as long as possible before the software's execution 
gracefully degrades and ultimately fails; when it does fail, it must do so in a manner that doesn't make it, its data, 
or its resources vulnerable to further compromise, and it must recover to an acceptable level of operation (which, 
obviously, needs to be specified) as quickly as possible, with as little damage as possible (and having minimised the 
extent of that damage).

Obviously, there's very little software that can satisfy all three of these criteria 100%. But even 50% is better than 
0%.

Karen Mercedes Goertzel, CISSP
Associate
703.698.7454
goertzel_karen at bah.com
________________________________________
From: Peter G. Neumann [neumann at csl.sri.com]
Sent: Thursday, August 20, 2009 6:50 PM
To: Matt Bishop
Cc: Goertzel, Karen [USA]; Secure Coding List
Subject: Re: [SC-L] What is the size of this list?

Let me amplify what Matt Bishop has said.
I tend to deal with TRUSTWORTHINESS, which encompasses
security, reliability, survivability, human safety, and anything
else that you have to trust whether you like it or not.
Security is only one aspect of it.  Long ago Butler Lampson
wrote a paper pointing out that if it is not secure, it won't
be reliable, and if it is not reliable, it may not be secure.
That was applied to access controls in hardware, but it is equally
applied to SYSTEMS.  Also, all of those trustworthiness properties
tend to be emergent properties of the entire system/enterprise/whatever.
Beware of folks who tell you their crypto algorithm (for example) is
100% secure, and ignore the fact that if it is badly implemented or the
keys are stored in an insecure operating system, then all bets are off
and 100% secure becomes 0% secure.

end of soapbox, which some of you have heard from me before.

Peter
