Re: [SC-L] Bumper sticker definition of secure software

2006-07-18 Thread Rajeev Gopalakrishna
Reliability is concerned only with accidental failures while security has to consider malicious attacks as well. The difference is in the intent of the software user: benign or malicious. And for a bumper sticker, here is one for the pessimists: Secure Software is a Myth and another version for

Re: [SC-L] Bumper sticker definition of secure software

2006-07-18 Thread Gadi Evron
On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote: Reliability is concerned only with accidental failures while security has to consider malicious attacks as well. The difference is in the intent of the software user: benign or malicious. And for a bumper sticker, here is one for the

Re: [SC-L] Resource limitation

2006-07-18 Thread Pete Shanahan
[EMAIL PROTECTED] wrote: I was recently looking at some code to do regular expression matching, when it occurred to me that one can produce fairly small regular expressions that require huge amounts of space and time. There's nothing in the slightest bit illegal about such regexp's - it's

Re: [SC-L] Bumper sticker definition of secure software

2006-07-18 Thread Paolo Perego
Hi list, I'll introduce myself with a claim: Software is like Titanic, pleople claim it was unsinkable. Securing is providing it power steering thesp0nge On 7/18/06, Gadi Evron [EMAIL PROTECTED] wrote: On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote: Reliability is concerned only with accidental

[SC-L] bumper sticker slogan for secure software

2006-07-18 Thread SC-L Subscriber Dave Aronson
Paolo Perego [mailto:[EMAIL PROTECTED] writes: Software is like Titanic, pleople claim it was unsinkable. Securing is providing it power steering But power steering wouldn't have saved it. By the time the iceberg was spotted, there was not enough time to turn that large a boat. Perhaps

Re: [SC-L] bumper sticker slogan for secure software

2006-07-18 Thread Dana Epp
Or perhaps less arrogance in believing it won't sink. Absolute security is a myth. As is designing absolutely secure software. It is a lofty goal, but one of an absolute that just isn't achievable as threats change and new attack patterns are found. Designing secure software is about attaining a

Re: [SC-L] bumper sticker slogan for secure software

2006-07-18 Thread Andrew van der Stock
Best for older cars... My other car is a bit more secure Best for Volvos (or pick another high safety brand): I wish my finance systems are as safe as this car Honk if you want secure software Who has your data? Ask for secure software next time thanks, Andrew smime.p7s Description: S/MIME

Re: [SC-L] bumper sticker slogan for secure software

2006-07-18 Thread Wietse Venema
Dana Epp: Or perhaps less arrogance in believing it won't sink. Absolutely. Here's my $0.02: secure software fails safely Any non-trivial piece of software has defects. My challenge is not to eliminate the last defect, but to make the system safe to use (for some appropriate definition

Re: [SC-L] bumper sticker slogan for secure software

2006-07-18 Thread ...
well... there's no possible definition... unless programmers start thinking and acting in another way, and who commissions the software respect and pays for the real value of it, and users understand the value, Secure Software is an Oxymoron (there may be a reason why this has moron