Hi list, I'll introduce myself with a claim:
"Software is like Titanic, pleople claim it was unsinkable. Securing is providing it power steering"
 
thesp0nge
 
On 7/18/06, Gadi Evron <[EMAIL PROTECTED]> wrote:
On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote:
> Reliability is concerned only with accidental failures while security has
> to consider malicious attacks as well. The difference is in the intent of
> the software user: benign or malicious.
>
> And for a bumper sticker, here is one for the pessimists:
>
> "Secure Software is a Myth"
>
> and another version for the skeptics:
>
> "Is Secure Software a Myth?"
>
> :)

Again, this would speak only to a very small percentage of the
population. You me, maybe 10K people around the world if we are generous.

>
> -rajeev
>
>
> On Mon, 17 Jul 2006, Peter G. Neumann wrote:
>
> > You suggest:
> >
> >   Secure software is software that remains dependable despite efforts to
> >   compromise its dependability.
> >
> > You need a bigger-picture view that encompasses trustworthiness
> > and assurance.
> >
> > "Dependable systems are systems that remain dependable despite
> > would-be compromises to their dependability."
> >
> > "Trustworthy systems are systems that are worthy of being trusted
> > to satisfy their requirements (for security, reliability, survivability,
> > safety, or whatever)."
> >
> > Security is generally too narrow by itself, because a system that is
> > not reliable is not likely to be secure, especially when in
> > unreliability mode!
> >
> > The principle of Keep It Simple is inherently unworkable with respect to
> > security.  Security is inherently complex.  Trustworthiness is broader and
> > even more complex.  But if you don't think about trustworthiness more
> > broadly, what you get is not likely to be very secure.
> >
> > Forget the bumper sticker approach.
> >
> > _______________________________________________
> > Secure Coding mailing list (SC-L)
> > SC-L@securecoding.org
> > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> > List charter available at - http://www.securecoding.org/list/charter.php
> >
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
>

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php



--
$>cd /pub
$>more beer

AngeL core developer: http://www.sikurezza.org/angel
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to