On 7/17/06, Crispin Cowan <[EMAIL PROTECTED]> wrote:
>
> >  Goertzel Karen wrote:
> >
> >
> > I've been struggling for a while to synthesise a definition of secure
> > software that is short and sweet, yet accurate and comprehensive.
>
> My favorite is by Ivan Arce, CTO of Core Software, coming out of a
> discussion between him and I on a mailing list about 5 years ago.
>
> Reliable software does what it is supposed to do. Secure software does what
> it is supposed to do, and nothing else.

and what if it's "supposed" to take unsanitzed input and send it into
a sql database using the administrators account?

is that secure?


>  Crispin

-- mic
_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to