I'm more devious. I think what needs to happen is that we need to redefine what 
we mean by "functionally correct" or "quality" code. If determination of 
functional correctness were extended from "must operate as specified under 
expected conditions" to "must operate as specified under all conditions", 
functional correctness would necessarily require security, safety, fault 
tolerance, and all those other good things that make software dependable 
instead of just correct.

Karen Mercedes Goertzel, CISSP
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.

Reply via email to