re-writing college books - erm.. ahm...

[crispin at novell.com (Crispin Cowan)]

Robert C. Seacord wrote:
> > Seeking perfect correctness as an approach to security is a fool's
> > errand. Security is designing systems that can tolerate imperfect software.
> >     
> I could go along with "achieving perfect correctness as an approach to
> security is a fool's belief" but I believe the desire to achieve
> correctness is a prerequisite for security.
>
> More specifically, I have found that systematic schemes for providing
> software security (such as memory protection, canaries, etc.) are
> generally ineffective once a coding error (such as a buffer overflow)
> allows an attacker to penetrate the peripheral defense of code
> correctness.  Given the current state of software security, I don't
> think any security "best" practice can abandoned and that
> defense-in-depth is a practical necessity.
>   
I don't think we disagree. When I said that seeking correctness is a
fool's errand, I meant (more precisely) that *depending on achieving*
correctness is a fool's errand. You must always assume the presence of
imperfect software, and then design in defense in depth to tolerate
that. Using other software engineering techniques (secure coding, the
occasional topic of this mailing list :) certainly helps, but cannot be
the whole approach to security.

> Also, back on the book topic, I recently heard of an older but
> successful book that did nothing but take examples from other books and
> show in detail how they were incorrect.  Perhaps such a "supplemental"
> text could be developed for commonly used text books.
>   
I like it! Bugtraq for books :) My engineers are quite fond of The
*Daily WTF* <http://thedailywtf.com/> a web site that lampoons bad code.

Crispin