>>> I would question you if you suggested to me that you always assume >>> to _NOT_ include 'security' and only _DO_ include security if >>> someone asks. >> "Security" is not a single thing that is included or omitted. > Again, in my experience that is not true. Programs that are labelled > 'Secure' vs something that isn't.
*Labelling as* secure _is_ (or at least can be) something that is boolean, included or not. The actual security behind it, if any, is what I was talking about. > In this case, there is a single thing - Security - that has been > included in one and not the other [in theory]. Rather, I would say, there is a cluster of things that have been boxed up and labeled "security", and included or not. What that box includes may not be the same between the two cases, even, never mind whether there are any security aspects that aren't in the box, or non-security aspects that are. > Also, anyone requesting software from a development company may say: > "Oh, is it 'Secure'?" Again, the implication is that it is a single > thing included or omitted. Yes, that is the implication. It is wrong. The correct response to "is it secure?" is "against what threat?", not "yes" or "no". I would argue that anyone who thinks otherwise should not be coding or specifying for anything that has a significant cost for a security failure. (Which is not to say that they aren't!) /~\ The ASCII der Mouse \ / Ribbon Campaign X Against HTML [EMAIL PROTECTED] / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B