Or perhaps less arrogance in believing "it won't sink". Absolute security is a myth. As is designing absolutely secure software. It is a lofty goal, but one of an absolute that just isn't achievable as threats change and new attack patterns are found. Designing secure software is about attaining a level of balance around software dependability weighed against mitigated risks against said software to acceptable tolerance levels, while at the same time ensuring said software accomplishes the original goal... to solve some problem for the user.
On my office door is a bumper sticker I made. It simply says: 0x5 10 points to the first person to explain what that means. Regards, Dana Epp [Microsoft Security MVP] http://silverstr.ufies.org/blog/ -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SC-L Subscriber Dave Aronson Sent: Tuesday, July 18, 2006 7:53 AM To: SC-L@securecoding.org Subject: [SC-L] bumper sticker slogan for secure software Paolo Perego [mailto:[EMAIL PROTECTED] writes: > "Software is like Titanic, pleople claim it was unsinkable. Securing is > providing it power steering" But power steering wouldn't have saved it. By the time the iceberg was spotted, there was not enough time to turn that large a boat. Perhaps radar, but that doesn't make a very good analogy. Maybe a thicker tougher hull and automatic compartment doors? -Dave _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php
