Secure Coding mailing list archives
"Bumper sticker" definition of secure software
From: Kevin.Wall at qwest.com (Wall, Kevin)
Date: Mon, 17 Jul 2006 08:16:46 -0500
Crispin Cowan writes...
IMHO, bumper sticker slogans are necessarily short and glib. There isn't room to put in all the qualifications and caveats to make it a perfectly precise statement. As such, mincing words over it is a futile exercise. Or you could just print a technical paper on a bumper sticker, in really small font :)
Actually, I like that idea. And it could end with the cliche: "If you can read this, you are too close."

Seriously, while I understand that there may be a reason to have a bumper-sticker-like catch phrase for the definition of "secure", I think that in the long run, it is more likely to backfire. I have already reviewed an untold number of security "requirements" that said "The system shall be secure". Having some bumper-sticker slogan that we all use would only allow those yo-yos to justify their "requirements", at least if it reflects anything regarding an actual definition of security such as Ivan's comment that Crispin posted.

With that in mind, maybe it would be less "dangerous" to use something more pithy or sardonic, but less to the point of an actual definition.

Security: Pay me now, or I'll pay myself later.

Of course that would only be appropriate for black or grey hats. ;-)

-kevin
---
Kevin W. Wall
Qwest Information Technology, Inc.
Kevin.Wall at qwest.com
Phone: 614.215.4788

"The reason you have people breaking into your software all over the place is because your software sucks..."
-- Former whitehouse cybersecurity advisor, Richard Clarke, at eWeek Security Summit

This communication is the property of Qwest and may contain confidential or privileged information. Unauthorized use of this communication is strictly prohibited and may be unlawful. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy all copies of the communication and any attachments.