Re: [SC-L] Bumper sticker definition of secure software

2006-07-24 Thread Dana Epp
: Sunday, July 23, 2006 3:42 PM To: Crispin Cowan Cc: Secure Coding Mailing List Subject: Re: [SC-L] Bumper sticker definition of secure software As a result, really secure systems tend to require lots of user training and are a hassle to use because they require permission all the time. No I disagree

Re: [SC-L] Bumper sticker definition of secure software

2006-07-24 Thread Andrew van der Stock
NB: I am not speaking on behalf of my employer and this is my personal opinion. Banks in general do not use smart cards as they suffer from the same issue as two factor non-transaction signing fobs - they are somewhat trivial to trick users into giving up a credential. Connected keys are

Re: [SC-L] Bumper sticker definition of secure software

2006-07-21 Thread mikeiscool
On 7/21/06, Florian Weimer [EMAIL PROTECTED] wrote: * Brian A. Shea: My slogan: Unsecured Applications = Unsecured Business Which is completely acceptable if you and your business partners are aware of the risk level at which you are running your company. Secure software costs more,

Re: [SC-L] Bumper sticker definition of secure software

2006-07-20 Thread Florian Weimer
* Brian A. Shea: My slogan: Unsecured Applications = Unsecured Business Which is completely acceptable if you and your business partners are aware of the risk level at which you are running your company. Secure software costs more, requires more user training, and fails in

Re: [SC-L] Bumper sticker definition of secure software

2006-07-18 Thread Rajeev Gopalakrishna
Reliability is concerned only with accidental failures while security has to consider malicious attacks as well. The difference is in the intent of the software user: benign or malicious. And for a bumper sticker, here is one for the pessimists: Secure Software is a Myth and another version for

Re: [SC-L] Bumper sticker definition of secure software

2006-07-18 Thread Gadi Evron
On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote: Reliability is concerned only with accidental failures while security has to consider malicious attacks as well. The difference is in the intent of the software user: benign or malicious. And for a bumper sticker, here is one for the

Re: [SC-L] Bumper sticker definition of secure software

2006-07-18 Thread Paolo Perego
Hi list, I'll introduce myself with a claim: Software is like Titanic, people claim it was unsinkable. Securing is providing it power steering thesp0nge On 7/18/06, Gadi Evron [EMAIL PROTECTED] wrote: On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote: Reliability is concerned only with accidental

Re: [SC-L] Bumper sticker definition of secure software

2006-07-17 Thread Crispin Cowan
mikeiscool wrote: On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote: Goertzel Karen wrote: I've been struggling for a while to synthesise a definition of secure software that is short and sweet, yet accurate and comprehensive. My favorite is by Ivan Arce, CTO of Core Software, coming out

Re: [SC-L] Bumper sticker definition of secure software

2006-07-17 Thread Holger.Peine
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dave Aronson If you really want to compress that to bumper-sticker size, how about Secure Software: Does what it's meant to. Period. This encompasses both can't be forced NOT to do what it's meant to do, and can't be

Re: [SC-L] Bumper sticker definition of secure software

2006-07-17 Thread mikeiscool
On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote: mikeiscool wrote: On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote: Goertzel Karen wrote: I've been struggling for a while to synthesise a definition of secure software that is short and sweet, yet accurate and comprehensive. My

Re: [SC-L] Bumper sticker definition of secure software

2006-07-17 Thread Crispin Cowan
mikeiscool wrote: On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote: supposed to goes to intent. I don't know. I think there is a difference between this does what it's supposed to do and this has no design faults. That's all I was trying to highlight. The difference between supposed to,

Re: [SC-L] Bumper sticker definition of secure software

2006-07-17 Thread Gadi Evron
On Mon, 17 Jul 2006, Peter G. Neumann wrote: Forget the bumper sticker approach. Hey Peter. :) Well, one should forget the bumper-sticker approach if all us boring dry guys keep trying to explain to people how math works. Instead, telling them: 1+1=? Didn't learn math, eh? Is bumper-sticker

Re: [SC-L] Bumper sticker definition of secure software

2006-07-17 Thread Peter G. Neumann
Gary, If you think security is a funny topic, try this one: http://haha.nu/funny/funny-math/ ___ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter

Re: [SC-L] Bumper sticker definition of secure software

2006-07-17 Thread Pascal Meunier
I prefer to define the opposite: Insecure Software is like a joke, Except others laugh at you I like it because: -it captures the notion that vulnerabilities, just like jokes, are very often made apparent by thinking in a different context from the software's designers (the straight man). -It

Re: [SC-L] Bumper sticker definition of secure software

2006-07-17 Thread Glenn and Mary Everhart
Crispin Cowan wrote: mikeiscool wrote: On 7/17/06, Crispin Cowan [EMAIL PROTECTED] wrote: supposed to goes to intent. I don't know. I think there is a difference between this does what it's supposed to do and this has no design faults. That's all I was trying to highlight. The difference

Re: [SC-L] Bumper sticker definition of secure software

2006-07-16 Thread ljknews
At 3:27 PM -0400 7/15/06, Goertzel Karen wrote: I've been struggling for a while to synthesise a definition of secure software that is short and sweet, yet

Re: [SC-L] Bumper sticker definition of secure software

2006-07-16 Thread Gunnar Peterson
Secure software you're (not) soaking in it. On 7/16/06 8:32 AM, mikeiscool [EMAIL PROTECTED] wrote: On 7/16/06, ljknews [EMAIL PROTECTED] wrote: At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:

Re: [SC-L] Bumper sticker definition of secure software

2006-07-16 Thread Julie J.C.H. Ryan
So, if software is dependably bad and can dependably be counted on to fail, it's secure? Especially if it resists attempts to compromise such dependability? On Jul 15, 2006, at 3:27 PM, Goertzel Karen wrote: I've been struggling for a while to synthesise a definition of secure software

Re: [SC-L] Bumper sticker definition of secure software

2006-07-16 Thread Crispin Cowan
Goertzel Karen wrote: "Bumper sticker" definition of secure software I've been struggling for a while to synthesise a definition of secure software that is short and sweet, yet accurate and comprehensive. My favorite is by Ivan Arce, CTO of Core Software, coming out of a