Robert C. Seacord wrote:

>> Seeking perfect correctness as an approach to security is a fool's
>> errand. Security is designing systems that can tolerate imperfect
>> software.
>>
> I could go along with "achieving perfect correctness as an approach to
> security is a fool's belief" but I believe the desire to achieve
> correctness is a prerequisite for security.
>
> More specifically, I have found that systematic schemes for providing
> software security (such as memory protection, canaries, etc.) are
> generally ineffective once a coding error (such as a buffer overflow)
> allows an attacker to penetrate the peripheral defense of code
> correctness. Given the current state of software security, I don't
> think any security "best" practice can be abandoned and that
> defense-in-depth is a practical necessity.
>

I don't think we disagree. When I said that seeking correctness is a
fool's errand, I meant (more precisely) that *depending on achieving*
correctness is a fool's errand. You must always assume the presence of
imperfect software, and then design in defense in depth to tolerate
that. Using other software engineering techniques (secure coding, the
occasional topic of this mailing list :) certainly helps, but cannot be
the whole approach to security.
> Also, back on the book topic, I recently heard of an older but
> successful book that did nothing but take examples from other books and
> show in detail how they were incorrect. Perhaps such a "supplemental"
> text could be developed for commonly used text books.
>

I like it! Bugtraq for books :)

My engineers are quite fond of The *Daily WTF* <http://thedailywtf.com/>,
a web site that lampoons bad code.

Crispin

_______________________________________________
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php