Re: [SC-L] "Bumper sticker" definition of secure software
Goertzel Karen wrote:

> "Bumper sticker" definition of secure software
>
> I've been struggling for a while to synthesise a definition of secure
> software that is short and sweet, yet accurate and comprehensive.

My favorite is by Ivan Arce, CTO of Core Software, coming out of a discussion between him and I on a mailing list about 5 years ago.

Reliable software does what it is supposed to do. Secure software does what it is supposed to do, and nothing else.

Crispin

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering, Novell http://novell.com
Necessity is the mother of invention ... except for pure math

___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php

Re: [SC-L] "Bumper sticker" definition of secure software
So, if software is dependably bad and can dependably be counted on to fail, it's secure? Especially if it resists attempts to compromise such dependability?

On Jul 15, 2006, at 3:27 PM, Goertzel Karen wrote:

> I've been struggling for a while to synthesise a definition of
> secure software that is short and sweet, yet accurate and
> comprehensive. Here's what I've come up with:
>
> Secure software is software that remains dependable despite efforts
> to compromise its dependability.
>
> Agree? Disagree?
>
> --
> Karen Mercedes Goertzel, CISSP
> Booz Allen Hamilton
> 703-902-6981
> [EMAIL PROTECTED]

Re: [SC-L] "Bumper sticker" definition of secure software
On Sun, 16 Jul 2006, mikeiscool wrote:

> On 7/16/06, ljknews <[EMAIL PROTECTED]> wrote:
> > At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:
> > > I've been struggling for a while to synthesise a definition of secure
> > > software that is short and sweet, yet accurate and comprehensive. Here's
> > > what I've come up with:
> > >
> > > Secure software is software that remains dependable despite efforts to
> > > compromise its dependability.
> > >
> > > Agree? Disagree?
> >
> > I disagree about that being bumper-sticker size, and I think we really
> > need bumper stickers.
>
> a better bumper sticker would be something like:
>
> "secure software is what i write. call me now to find out how!"

"I read your email"
jinx.com

Re: [SC-L] "Bumper sticker" definition of secure software
Secure software you're (not) soaking in it.

On 7/16/06 8:32 AM, "mikeiscool" <[EMAIL PROTECTED]> wrote:

> On 7/16/06, ljknews <[EMAIL PROTECTED]> wrote:
>> At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:
>>> I've been struggling for a while to synthesise a definition of secure
>>> software that is short and sweet, yet accurate and comprehensive. Here's
>>> what I've come up with:
>>>
>>> Secure software is software that remains dependable despite efforts to
>>> compromise its dependability.
>>>
>>> Agree? Disagree?
>>
>> I disagree about that being bumper-sticker size, and I think we really
>> need bumper stickers.
>
> a better bumper sticker would be something like:
>
> "secure software is what i write. call me now to find out how!"
>
> ...
>
> i don't see the point of a short phrase. it's obvious what secure
> software is. software that has no bugs and no design faults.
>
> -- mic

Re: [SC-L] "Bumper sticker" definition of secure software
Goertzel Karen wrote:

> Secure software is software that remains dependable despite efforts
> to compromise its dependability.

If you really want to compress that to bumper-sticker size, how about "Secure Software: Does what it's meant to. Period."

This encompasses both "can't be forced NOT to do what it's meant to do", and "can't be forced to do what it's NOT meant to do".

Also note, however, that "Secure Software" is the name of a company (which I used to work for). Dunno how picky they may get about possible trademark (service mark?) infringement, though IMHO they'd probably just love the free publicity. ;-)

-Dave

Re: [SC-L] "Bumper sticker" definition of secure software
On 7/16/06, ljknews <[EMAIL PROTECTED]> wrote:

> At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:
> > I've been struggling for a while to synthesise a definition of secure
> > software that is short and sweet, yet accurate and comprehensive. Here's
> > what I've come up with:
> >
> > Secure software is software that remains dependable despite efforts to
> > compromise its dependability.
> >
> > Agree? Disagree?
>
> I disagree about that being bumper-sticker size, and I think we really
> need bumper stickers.

a better bumper sticker would be something like:

"secure software is what i write. call me now to find out how!"

...

i don't see the point of a short phrase. it's obvious what secure software is. software that has no bugs and no design faults.

-- mic

Re: [SC-L] "Bumper sticker" definition of secure software
Not even Chuck Norris can break Secure Software. ;)

--
Stephen de Vries
Corsaire Ltd
E-mail: [EMAIL PROTECTED]
Tel: +44 1483 226014
Fax: +44 1483 226068
Web: http://www.corsaire.com

On 16 Jul 2006, at 02:27, Goertzel Karen wrote:

> I've been struggling for a while to synthesise a definition of
> secure software that is short and sweet, yet accurate and
> comprehensive. Here's what I've come up with:
>
> Secure software is software that remains dependable despite efforts
> to compromise its dependability.
>
> Agree? Disagree?
>
> --
> Karen Mercedes Goertzel, CISSP
> Booz Allen Hamilton
> 703-902-6981
> [EMAIL PROTECTED]

Re: [SC-L] "Bumper sticker" definition of secure software
At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:

> I've been struggling for a while to synthesise a definition of secure
> software that is short and sweet, yet accurate and comprehensive. Here's
> what I've come up with:
>
> Secure software is software that remains dependable despite efforts to
> compromise its dependability.
>
> Agree? Disagree?

I disagree about that being bumper-sticker size, and I think we really need bumper stickers.

--
Larry Kilgallen

[SC-L] "Bumper sticker" definition of secure software
I've been struggling for a while to synthesise a definition of secure software that is short and sweet, yet accurate and comprehensive. Here's what I've come up with:

Secure software is software that remains dependable despite efforts to compromise its dependability.

Agree? Disagree?

--
Karen Mercedes Goertzel, CISSP
Booz Allen Hamilton
703-902-6981
[EMAIL PROTECTED]