On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote:
> Reliability is concerned only with accidental failures while security has
> to consider malicious attacks as well. The difference is in the intent of
> the software user: benign or malicious.
> 
> And for a bumper sticker, here is one for the pessimists:
> 
> "Secure Software is a Myth"
> 
> and another version for the skeptics:
> 
> "Is Secure Software a Myth?"
> 
> :)

Again, this would speak only to a very small percentage of the
population. You, me, maybe 10K people around the world if we are generous.

> 
> -rajeev
> 
> 
> On Mon, 17 Jul 2006, Peter G. Neumann wrote:
> 
> > You suggest:
> >
> >   Secure software is software that remains dependable despite efforts to
> >   compromise its dependability.
> >
> > You need a bigger-picture view that encompasses trustworthiness
> > and assurance.
> >
> > "Dependable systems are systems that remain dependable despite
> > would-be compromises to their dependability."
> >
> > "Trustworthy systems are systems that are worthy of being trusted
> > to satisfy their requirements (for security, reliability, survivability,
> > safety, or whatever)."
> >
> > Security is generally too narrow by itself, because a system that is
> > not reliable is not likely to be secure, especially when in
> > unreliability mode!
> >
> > The principle of Keep It Simple is inherently unworkable with respect to
> > security.  Security is inherently complex.  Trustworthiness is broader and
> > even more complex.  But if you don't think about trustworthiness more
> > broadly, what you get is not likely to be very secure.
> >
> > Forget the bumper sticker approach.
> >
> > _______________________________________________
> > Secure Coding mailing list (SC-L)
> > SC-L@securecoding.org
> > List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> > List charter available at - http://www.securecoding.org/list/charter.php
> >
