On 7/19/06, Dana Epp <[EMAIL PROTECTED]> wrote: > Or perhaps less arrogance in believing "it won't sink". > > Absolute security is a myth.
no it isn't. pretending it is a 'myth' is an attempt by sloppy programmers and designers to explain away the reasons for their applications failing. > As is designing absolutely secure software. > It is a lofty goal, but one of an absolute that just isn't achievable as > threats change and new attack patterns are found. Designing secure > software is about attaining a level of balance around software > dependability weighed against mitigated risks against said software to > acceptable tolerance levels, while at the same time ensuring said > software accomplishes the original goal... to solve some problem for the > user. > > On my office door is a bumper sticker I made. It simply says: > > 0x5 > > 10 points to the first person to explain what that means. security 101? -- mic _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php