[SC-L] "Bumper sticker" definition of secure software
Holger.Peine at iese.fraunhofer.de
Mon Jul 17 02:32:40 EDT 2006
> From: sc-l-bounces at securecoding.org
> [mailto:sc-l-bounces at securecoding.org] On Behalf Of Dave Aronson
> If you really want to compress that to bumper-sticker size, how about
>
> "Secure Software: Does what it's meant to. Period."
>
> This encompasses both "can't be forced NOT to do what it's meant to do",
> and "can't be forced to do what it's NOT meant to do".
While I think this is the most concise formulation so far of what
most readers on this list would mean and would understand, I think
the non-security public does not think of security breaches in
terms of software doing more than it was supposed to. My suggestion
for a bumper sticker is therefore less conceptually crisp, but perhaps
more accessible:
"Secure Software: Works even if you try to dupe it"
Nice question, though -
Holger Peine
--
Dr. Holger Peine, Security and Safety
Fraunhofer IESE, Fraunhofer-Platz 1, 67663 Kaiserslautern, Germany
Phone +49-631-6800-2134, Fax -1299 (shared)
PGP key via http://pgp.mit.edu ; fingerprint is 1BFA 30CB E3ED BA99 E7AE
2BBB C126 A592 48EA F9F8