Reliability is concerned only with accidental failures while security has
to consider malicious attacks as well. The difference is in the intent of
the software user: benign or malicious.

And for a bumper sticker, here is one for the pessimists:

"Secure Software is a Myth"

and another version for the skeptics:

"Is Secure Software a Myth?"

:)

-rajeev


On Mon, 17 Jul 2006, Peter G. Neumann wrote:

> You suggest:
>
>   Secure software is software that remains dependable despite efforts to
>   compromise its dependability.
>
> You need a bigger-picture view that encompasses trustworthiness
> and assurance.
>
> "Dependable systems are systems that remain dependable despite
> would-be compromises to their dependability."
>
> "Trustworthy systems are systems that are worthy of being trusted
> to satisfy their requirements (for security, reliability, survivability,
> safety, or whatever)."
>
> Security is generally too narrow by itself, because a system that is
> not reliable is not likely to be secure, especially when in
> unreliability mode!
>
> The principle of Keep It Simple is inherently unworkable with respect to
> security.  Security is inherently complex.  Trustworthiness is broader and
> even more complex.  But if you don't think about trustworthiness more
> broadly, what you get is not likely to be very secure.
>
> Forget the bumper sticker approach.
>
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php
>