On 7/19/06, Dana Epp <[EMAIL PROTECTED]> wrote:
> Or perhaps less arrogance in believing "it won't sink".
> Absolute security is a myth.

no it isn't. pretending it is a 'myth' is an attempt by sloppy
programmers and designers to explain away the reasons for their
applications failing.

> As is designing absolutely secure software.
> It is a lofty goal, but one of an absolute that just isn't achievable as
> threats change and new attack patterns are found. Designing secure
> software is about attaining a level of balance around software
> dependability weighed against mitigated risks against said software to
> acceptable tolerance levels, while at the same time ensuring said
> software accomplishes the original goal... to solve some problem for the
> user.
> On my office door is a bumper sticker I made. It simply says:
> 0x5
> 10 points to the first person to explain what that means.

security 101?

-- mic
Secure Coding mailing list (SC-L)
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to