NB: I am not speaking on behalf of my employer and this is my
personal opinion.
Banks in general do not use smart cards as they suffer from the same
issue as two factor non-transaction signing fobs - they are somewhat
trivial to trick users into giving up a credential. Connected keys
are
On 7/25/06, Dana Epp <[EMAIL PROTECTED]> wrote:
> But secure software is not a technology problem,
Yes it is.
> it's a business one.
> Focused on people.
This is part of the issue, not the whole issue.
> If smartcards were so great, why isn't every single computer in the
> world equipped with
PROTECTED] On Behalf Of mikeiscool
Sent: Sunday, July 23, 2006 3:42 PM
To: Crispin Cowan
Cc: Secure Coding Mailing List
Subject: Re: [SC-L] "Bumper sticker" definition of secure software
> As a result, really secure systems tend to require lots of user
> training and are a hassle to
> As a result, really secure systems tend to require lots of user training
> and are a hassle to use because they require permission all the time.
No I disagree still. Consider a smart card. Far easier to use than the
silly bank logins that are available these days. Far easier than even
bothering
mikeiscool wrote:
> On 7/21/06, Florian Weimer <[EMAIL PROTECTED]> wrote:
>
>> Secure software costs more, requires more user training, and fails in
>> hard-to-understand patterns. If you really need it, you lose.
>>
> Really secure software should require _less_ user training, not more.
>
On 7/21/06, Florian Weimer <[EMAIL PROTECTED]> wrote:
> * Brian A. Shea:
>
> > My slogan:
> >
> > Unsecured Applications = Unsecured Business
>
> Which is completely acceptable if you and your business partners are
> aware of the risk level at which you are running your company.
>
> Secure softwar
* Brian A. Shea:
> My slogan:
>
> Unsecured Applications = Unsecured Business
Which is completely acceptable if you and your business partners are
aware of the risk level at which you are running your company.
Secure software costs more, requires more user training, and fails in
hard-to-underst
Hi list, I'll introduce myself with a claim:
"Software is like Titanic, people claim it was unsinkable. Securing is providing it power steering"
thesp0nge
On 7/18/06, Gadi Evron <[EMAIL PROTECTED]> wrote:
On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote:
> Reliability is concerned only with acci
On Mon, 17 Jul 2006, Rajeev Gopalakrishna wrote:
> Reliability is concerned only with accidental failures while security has
> to consider malicious attacks as well. The difference is in the intent of
> the software user: benign or malicious.
>
> And for a bumper sticker, here is one for the pessi
Reliability is concerned only with accidental failures while security has
to consider malicious attacks as well. The difference is in the intent of
the software user: benign or malicious.
And for a bumper sticker, here is one for the pessimists:
"Secure Software is a Myth"
and another version fo
Crispin Cowan wrote:
> mikeiscool wrote:
>> On 7/17/06, Crispin Cowan <[EMAIL PROTECTED]> wrote:
>>> "supposed to" goes to intent.
>> I don't know. I think there is a difference between "this does what
>> it's supposed to do" and "this has no design faults". That's all I was
>> trying to highlight.
I prefer to define the opposite:
"Insecure Software is like a joke,
Except others laugh at you"
I like it because:
-it captures the notion that vulnerabilities, just like jokes, are very
often made apparent by thinking in a different context from the software's
designers (the straight man).
-It
Gary, If you think security is a funny topic, try this one:
http://haha.nu/funny/funny-math/
___
Secure Coding mailing list (SC-L)
SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available
On Mon, 17 Jul 2006, Peter G. Neumann wrote:
> Forget the bumper sticker approach.
Hey Peter. :)
Well, one should forget the bumper-sticker approach if all us boring dry
guys keep trying to explain to people how math works.
Instead, telling them:
1+1=?
Didn't learn math, eh?
Is bumper-sticker worth
Secure Software: Safe Ex
ecution
(No, I'm not serious.)
-- Jerry
It's my view, as Ken and I have said in a couple of publications, that
secure code "lets you say yes with confidence, and no with certainty".
-mg-
You suggest:
Secure software is software that remains dependable despite efforts to
compromise its dependability.
You need a bigger-picture view that encompasses trustworthiness
and assurance.
"Dependable systems are systems that remain dependable despite
would-be compromises to their depe
On 7/18/06, Goertzel Karen <[EMAIL PROTECTED]> wrote:
> Another possibility:
>
> Secure software can't be subverted.
Again you are all missing the point that design faults are a major
*major* problem. Cannot be "subverted"; well fine. But what if the main
function of the app itself is wrong. It is
On Mon, 17 Jul 2006, Goertzel Karen wrote:
> Another possibility:
>
> Secure software can't be subverted.
We Read Your Email
Your Program == Swiss Cheese
>
> --
> Karen Mercedes Goertzel, CISSP
> Booz Allen Hamilton
> 703.902.6981
> [EMAIL PROTECTED]
>
> ___
Another possibility:
Secure software can't be subverted.
--
Karen Mercedes Goertzel, CISSP
Booz Allen Hamilton
703.902.6981
[EMAIL PROTECTED]
My slogan:
Unsecured Applications = Unsecured Business
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jeremy Epstein
Sent: Monday, July 17, 2006 8:46 AM
To: Secure Coding Mailing List
Subject: Re: [SC-L] "Bumper sticker" definition of secure s
I like the idea of a bumper sticker slogan for the same reason as "elevator
pitches" are useful - they don't cover everything, and they don't try to be
precise - just give enough information to whet the reader's/listener's
appetite.
And with that, I offer the following:
"Software Security Keeps t
Crispin Cowan writes...
> IMHO, bumper sticker slogans are necessarily short and glib.
> There isn't room to put in all the qualifications and caveats
> to make it a perfectly precise statement. As such, mincing
> words over it is a futile exercise.
>
> Or you could just print a technical paper
mikeiscool wrote:
> On 7/17/06, Crispin Cowan <[EMAIL PROTECTED]> wrote:
>> "supposed to" goes to intent.
> I don't know. I think there is a difference between "this does what
> it's supposed to do" and "this has no design faults". That's all I was
> trying to highlight.
The difference between "sup
On 7/17/06, Crispin Cowan <[EMAIL PROTECTED]> wrote:
> mikeiscool wrote:
> > On 7/17/06, Crispin Cowan <[EMAIL PROTECTED]> wrote:
> >> > Goertzel Karen wrote:
> >> > I've been struggling for a while to synthesise a definition of secure
> >> > software that is short and sweet, yet accurate and comp
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Dave Aronson
> If you really want to compress that to bumper-sticker size, how about
>
> "Secure Software: Does what it's meant to. Period."
>
> This encompasses both "can't be forced NOT to do what it's
> meant to do",
> a
EMAIL PROTECTED]
Sent: Sun Jul 16 15:58:08 2006
To: SC-L@securecoding.org
Subject: Re: [SC-L] "Bumper sticker" definition of secure software
Goertzel Karen wrote:
> Secure software is software that remains dependable despite efforts
> to compromise its dependability.
mikeiscool wrote:
> On 7/17/06, Crispin Cowan <[EMAIL PROTECTED]> wrote:
>> > Goertzel Karen wrote:
>> > I've been struggling for a while to synthesise a definition of secure
>> > software that is short and sweet, yet accurate and comprehensive.
>>
>> My favorite is by Ivan Arce, CTO of Core Softw
On 7/17/06, Crispin Cowan <[EMAIL PROTECTED]> wrote:
>
> > Goertzel Karen wrote:
> >
> >
> > I've been struggling for a while to synthesise a definition of secure
> > software that is short and sweet, yet accurate and comprehensive.
>
> My favorite is by Ivan Arce, CTO of Core Software, coming out
Goertzel Karen wrote:
"Bumper sticker" definition of secure software
I've been struggling for a while to synthesise a
definition of secure software that is short and sweet, yet accurate and
comprehensive.
My favorite is by Ivan Arce, CTO of Core Software, coming out of a
discussion
So, if software is dependably bad and can dependably be counted on to
fail, it's secure?
Especially if it resists attempts to compromise such dependability?
On Jul 15, 2006, at 3:27 PM, Goertzel Karen wrote:
> I've been struggling for a while to synthesise a definition of
> secure software
On Sun, 16 Jul 2006, mikeiscool wrote:
> On 7/16/06, ljknews <[EMAIL PROTECTED]> wrote:
> > At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:
> > > Content-class: urn:content-classes:message
> > > Content-Type: multipart/alternative;
> > > boundary="_=_NextPart_001_01C6A844.D6A28B6B"
> > >
Secure software you're (not) soaking in it.
On 7/16/06 8:32 AM, "mikeiscool" <[EMAIL PROTECTED]> wrote:
> On 7/16/06, ljknews <[EMAIL PROTECTED]> wrote:
>> At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:
>>> Content-class: urn:content-classes:message
>>> Content-Type: multipart/alternative;
>>>
Goertzel Karen wrote:
> Secure software is software that remains dependable despite efforts
> to compromise its dependability.
If you really want to compress that to bumper-sticker size, how about
"Secure Software: Does what it's meant to. Period."
This encompasses both "can't be forced NOT
On 7/16/06, ljknews <[EMAIL PROTECTED]> wrote:
> At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:
> > Content-class: urn:content-classes:message
> > Content-Type: multipart/alternative;
> > boundary="_=_NextPart_001_01C6A844.D6A28B6B"
> >
> > I've been struggling for a while to synthesise
Not even Chuck Norris can break Secure Software.
;)
-- Stephen de Vries
Corsaire Ltd
E-mail: [EMAIL PROTECTED]
Tel:+44 1483 226014
Fax:+44 1483 226068
Web:http://www.corsaire.com
On 16 Jul 2006, at 02:27, Goertzel Karen wrote:
> I've been struggling for a while to synthesise a def
At 3:27 PM -0400 7/15/06, Goertzel Karen wrote:
> Content-class: urn:content-classes:message
> Content-Type: multipart/alternative;
> boundary="_=_NextPart_001_01C6A844.D6A28B6B"
>
> I've been struggling for a while to synthesise a definition of secure
> software that is short and sweet, y