Re: [SC-L] bumper sticker slogan for secure software

2006-07-19 Thread Pascal Meunier
On 7/18/06 11:45 AM, Dana Epp [EMAIL PROTECTED] wrote: Or perhaps less arrogance in believing it won't sink. Absolute security is a myth. As is designing absolutely secure software. I have high hopes in formal methods. It is a lofty goal, but one of an absolute that just isn't

Re: [SC-L] bumper sticker slogan for secure software

2006-07-19 Thread Andrew van der Stock
Actually, it is a myth. For every non-trivial system, there are business pressures on resourcing, deadlines, and acceptable quality (pick any two). Once a business has set their taste for risk, it makes no sense to spend say $10m on security controls on a product and delay it for six

Re: [SC-L] bumper sticker slogan for secure software

2006-07-19 Thread der Mouse
Absolute security is a myth. As is designing absolutely secure software. I have high hopes in formal methods. All formal methods do is push bugs around. Basically, you end up writing in a higher-level language (the spec you are formally verifying the program meets). You are then subject to