I'm more devious. I think what needs to happen is that we need to redefine what we mean by "functionally correct" or "quality" code. If determination of functional correctness were extended from "must operate as specified under expected conditions" to "must operate as specified under all conditions", functional correctness would necessarily require security, safety, fault tolerance, and all those other good things that make software dependable instead of just correct.
Karen Mercedes Goertzel, CISSP Associate 703.698.7454 goertzel_ka...@bah.com _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
