: Sunday, July 23, 2006 3:42 PM
To: Crispin Cowan
Cc: Secure Coding Mailing List
Subject: Re: [SC-L] Bumper sticker definition of secure software
As a result, really secure systems tend to require lots of user
training and are a hassle to use because they require permission all
the time.
No I disagree
NB: I am not speaking on behalf of my employer and this is my
personal opinion.
Banks in general do not use smart cards as they suffer from the same
issue as two factor non-transaction signing fobs - they are somewhat
trivial to trick users into giving up a credential. Connected keys
are
On 7/21/06, Florian Weimer [EMAIL PROTECTED] wrote:
* Brian A. Shea:
My slogan:
Unsecured Applications = Unsecured Business
Which is completely acceptable if you and your business partners are
aware of the risk level at which you are running your company.
Secure software costs more,
* Brian A. Shea:
My slogan:
Unsecured Applications = Unsecured Business
Which is completely acceptable if you and your business partners are
aware of the risk level at which you are running your company.
Secure software costs more, requires more user training, and fails in
Reliability is concerned only with accidental failures while security has
to consider malicious attacks as well. The difference is in the intent of
the software user: benign or malicious.
And for a bumper sticker, here is one for the pessimists:
Secure Software is a Myth
and another version for
Hi list, I'll introduce myself with a claim:
Software is like Titanic, people claim it was unsinkable. Securing is providing it power steering
thesp0nge
On 7/18/06, Gadi Evron [EMAIL PROTECTED] wrote:
On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote: Reliability is concerned only with accidental
mikeiscool wrote:
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
Goertzel Karen wrote:
I've been struggling for a while to synthesise a definition of secure
software that is short and sweet, yet accurate and comprehensive.
My favorite is by Ivan Arce, CTO of Core Software, coming out
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dave Aronson
If you really want to compress that to bumper-sticker size, how about
Secure Software: Does what it's meant to. Period.
This encompasses both can't be forced NOT to do what it's meant to do,
and can't be
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
mikeiscool wrote:
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
Goertzel Karen wrote:
I've been struggling for a while to synthesise a definition of secure
software that is short and sweet, yet accurate and comprehensive.
My
mikeiscool wrote:
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
supposed to goes to intent.
I don't know. I think there is a difference between this does what
it's supposed to do and this has no design faults. That's all I was
trying to highlight.
The difference between supposed to,
On Mon, 17 Jul 2006, Peter G. Neumann wrote:
Forget the bumper sticker approach.
Hey Peter. :)
Well, one should forget the bumper-sticker approach if all us boring dry
guys keep trying to explain to people how math works.
Instead, telling them:
1+1=?
Didn't learn math, eh?
Is bumper-sticker
Gary, If you think security is a funny topic, try this one:
http://haha.nu/funny/funny-math/
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter
I prefer to define the opposite:
Insecure Software is like a joke,
Except others laugh at you
I like it because:
-it captures the notion that vulnerabilities, just like jokes, are very
often made apparent by thinking in a different context from the software's
designers (the straight man).
-It
Crispin Cowan wrote:
mikeiscool wrote:
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote:
supposed to goes to intent.
I don't know. I think there is a difference between this does what
it's supposed to do and this has no design faults. That's all I was
trying to highlight.
The difference
At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:
I've been struggling for a while to synthesise a definition of secure
software that is short and sweet, yet
Secure software you're (not) soaking in it.
On 7/16/06 8:32 AM, mikeiscool [EMAIL PROTECTED] wrote:
On 7/16/06, ljknews [EMAIL PROTECTED] wrote:
At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:
So, if software is dependably bad and can dependably be counted on to
fail, it's secure?
Especially if it resists attempts to compromise such dependability?
On Jul 15, 2006, at 3:27 PM, Goertzel Karen wrote:
I've been struggling for a while to synthesise a definition of
secure software
Goertzel Karen wrote:
"Bumper sticker" definition of secure software
I've been struggling for a while to synthesise a
definition of secure software that is short and sweet, yet accurate and
comprehensive.
My favorite is by Ivan Arce, CTO of Core Software, coming out of a