On 4/13/05, der Mouse <[EMAIL PROTECTED]> wrote: > >>> I would question you if you suggested to me that you always assume > >>> to _NOT_ include 'security' and only _DO_ include security if > >>> someone asks. > >> "Security" is not a single thing that is included or omitted. > > Again, in my experience that is not true. Programs that are labelled > > 'Secure' vs something that isn't. > > *Labelling as* secure _is_ (or at least can be) something that is > boolean, included or not. The actual security behind it, if any, is > what I was talking about. > > > In this case, there is a single thing - Security - that has been > > included in one and not the other [in theory]. > > Rather, I would say, there is a cluster of things that have been boxed > up and labeled "security", and included or not. What that box includes > may not be the same between the two cases, even, never mind whether > there are any security aspects that aren't in the box, or non-security > aspects that are. > > > Also, anyone requesting software from a development company may say: > > "Oh, is it 'Secure'?" Again, the implication is that it is a single > > thing included or omitted. > > Yes, that is the implication. It is wrong.
I couldn't agree more! This is my whole point. Security isn't 'one thing', but it seems the original article [that started this discussion] implied that so that the blame could be spread out. If you actually look at the actual problems you can easily blame the programmers :) -- Michael
