Regarding your remarks about writing perfectly secure code...
well put.

And your remarks about Ross Anderson...

> Ross Anderson once said that secure software engineering is about
> building systems to remain dependable in the face of malice, error,
> or mischance. I think he has something there. If we build systems
> to maintain confidentiality, integrity and availability, we have the
> ability to fail gracefully in a manner to recover from unknown or
> changing problems in our software without being detrimental to
> the user, or their data.

remined me of Anderson and Ralph Needham coining the phrase
(hope I'm getting this right) that "security is like programming
Satan's computer" in the sense that you have an evil extremely
intelligent adversary with unlimited resources and time, etc.

So there's a bumper sticker for you:

        Security: programming Satan's computer

Of course, it's likely to be misunderstood by most.
(Maybe we could attribute it to SNL's "church lady".
Sorry Ross. ;-)

BTW, does anyone besides me think that it's time to put
this thread to rest?

Kevin W. Wall           Qwest Information Technology, Inc.
[EMAIL PROTECTED]       Phone: 614.215.4788
"The reason you have people breaking into your software all 
over the place is because your software sucks..."
 -- Former whitehouse cybersecurity advisor, Richard Clarke,
    at eWeek Security Summit

This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.

Secure Coding mailing list (SC-L)
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Reply via email to