On 7/17/06, Crispin Cowan <[EMAIL PROTECTED]> wrote: > > > Goertzel Karen wrote: > > > > > > I've been struggling for a while to synthesise a definition of secure > > software that is short and sweet, yet accurate and comprehensive. > > My favorite is by Ivan Arce, CTO of Core Software, coming out of a > discussion between him and I on a mailing list about 5 years ago. > > Reliable software does what it is supposed to do. Secure software does what > it is supposed to do, and nothing else.
and what if it's "supposed" to take unsanitzed input and send it into a sql database using the administrators account? is that secure? > Crispin -- mic _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php