I agree that ONE end goal of software security is to safeguard data - but it is
not the only goal...and may not even be the primary goal, depending on the type
of system the software is part of. In a safety-critical system, safeguard the
data takes on a very different meaning from what one
On the other hand, isn't it somewhat analagous to hiring 24/7 armed security
guards and installing a state of the art physical security system in a museum,
and passing and enforcing strict laws against grand larceny?
The secure coding alternative would be for museums to stop displaying
So all it takes to call code secure is to apply sufficient quantities of
bandaids, bubblegum and barbed wire? Job security yes, secure coding NO.
Just my opinion, but I think we need to hold to a much higher standard.
On Mon, Sep 23, 2013 at 6:08 AM, Goertzel, Karen [USA]