Re: [SC-L] "Bumper sticker" definition of secure software

2006-07-24 Thread Andrew van der Stock
NB: I am not speaking on behalf of my employer and this is my personal opinion. Banks in general do not use smart cards as they suffer from the same issue as two factor non-transaction signing fobs - they are somewhat trivial to trick users into giving up a credential. Connected keys are

Re: [SC-L] "Bumper sticker" definition of secure software

2006-07-24 Thread mikeiscool
On 7/25/06, Dana Epp <[EMAIL PROTECTED]> wrote:
> But secure software is not a technology problem,

Yes it is.

> it's a business one.
> Focused on people.

This is part of the issue, not the whole issue.

> If smartcards were so great, why isn't every single computer in the
> world equipped with

Re: [SC-L] Cost of provably-correct code

2006-07-24 Thread Ed Reed (Aesec)
David Crocker wrote:
> Crispin Cowan wrote on 21 July 2006 18:45:
>
>> Yes, you can have provably correct code. Cost is approximately $20,000 per line
>> of code. That is what the "procedures" required for correct code cost. Oh, and
>> they are kind of super-lin

Re: [SC-L] "Bumper sticker" definition of secure software

2006-07-24 Thread Dana Epp
But secure software is not a technology problem, it's a business one. Focused on people. If smartcards were so great, why isn't every single computer in the world equipped with a reader? There will always be technology safeguards we can put in place to mitigate particular problems. But technology

Re: [SC-L] bumper sticker slogan for secure software

2006-07-24 Thread mikeiscool
> Sorry, but it is a fact. Yes, you can have provably correct code. Cost
> is approximately $20,000 per line of code. That is what the "procedures"
> required for correct code cost. Oh, and they are kind of super-linear,
> so one program of 200 lines costs more than 2 programs of 100 lines.

Someon

Re: [SC-L] Cost of provably-correct code

2006-07-24 Thread Crispin Cowan
David Crocker wrote:
> Crispin Cowan wrote on 21 July 2006 18:45:
>
>> Yes, you can have provably correct code. Cost is approximately $20,000 per line
>> of code. That is what the "procedures" required for correct code cost. Oh, and
>> they are kind of super-linear, so one program of 200

Re: [SC-L] "Bumper sticker" definition of secure software

2006-07-24 Thread mikeiscool
> As a result, really secure systems tend to require lots of user training
> and are a hassle to use because they require permission all the time.

No I disagree still. Consider a smart card. Far easier to use than the silly bank logins that are available these days. Far easier than even bothering

Re: [SC-L] "Bumper sticker" definition of secure software

2006-07-24 Thread Crispin Cowan
mikeiscool wrote:
> On 7/21/06, Florian Weimer <[EMAIL PROTECTED]> wrote:
>
>> Secure software costs more, requires more user training, and fails in
>> hard-to-understand patterns. If you really need it, you lose.
>>
> Really secure software should require _less_ user training, not more.
>