Secure Coding mailing list archives
What is the size of this list?
From: andrews at rbacomm.com (Brad Andrews)
Date: Fri, 21 Aug 2009 10:41:27 -0500
I completely agree with your final statement Karen, but I see a lot more of the words aiming at the 100% mark and I think that is ultimately a bad focus since it is unachievable and therefore will waste focus and effort.

While on paper we can "prove" programs are bug-free (security-related or not), it doesn't work in practice. I may be biased by my experience, but you won't be able to design a perfect program any more than you can design a "flawless" piece of handmade furniture. Flaws happen. The focus should be on minimizing them and reducing the risk that any flaws that make it through will cripple the end product, whether it be a wood table or a software program.

A recent CERT podcast implied that we could reach your 100% as we matured and that has just stuck in my craw. I don't think it really is achievable, though making the case is going to take more than a quick reply on this list.

--
Brad Andrews
RBA Communications
CISM, CSSLP, SANS/GIAC GSEC, GCFW, GCIH, GPCI

Quoting "Goertzel, Karen [USA]" <goertzel_karen at bah.com>:
Interesting. My definition of "secure" for software is "dependable, trustworthy, and survivable (or, if you prefer, resilient)", i.e., (1) It's got to behave correctly and predictably; (2) It's got to behave non-maliciously and also not be subvertible (i.e., no weaknesses that can be exploited as vulnerabilities); (3) When it comes under attack, 1 & 2 need to hold true for as long as possible before the software's execution gracefully degrades and ultimately fails; when it does fail, it must do so in a manner that doesn't make it, its data, or its resources vulnerable to further compromise, and it must recover to an acceptable level of operation (which, obviously, needs to be specified) as quickly as possible, with as little damage as possible (and having minimised the extent of that damage). Obviously, there's very little software that can satisfy all three of these criteria 100%. But even 50% is better than 0%.