Secure Coding mailing list archives
"Bumper sticker" definition of secure software
From: neumann at csl.sri.com (Peter G. Neumann)
Date: Mon, 17 Jul 2006 11:16:40 PDT
You suggest: Secure software is software that remains dependable despite efforts to compromise its dependability.

You need a bigger-picture view that encompasses trustworthiness and assurance.

"Dependable systems are systems that remain dependable despite would-be compromises to their dependability."

"Trustworthy systems are systems that are worthy of being trusted to satisfy their requirements (for security, reliability, survivability, safety, or whatever)."

Security is generally too narrow by itself, because a system that is not reliable is not likely to be secure, especially when in unreliability mode!

The principle of Keep It Simple is inherently unworkable with respect to security. Security is inherently complex. Trustworthiness is broader and even more complex. But if you don't think about trustworthiness more broadly, what you get is not likely to be very secure.

Forget the bumper sticker approach.