[SC-L] "Bumper sticker" definition of secure software
mikeiscool
michaelslists at gmail.com
Sun Jul 16 22:17:01 EDT 2006
On 7/17/06, Crispin Cowan <crispin at novell.com> wrote:
>
> > Goertzel Karen wrote:
> >
> >
> > I've been struggling for a while to synthesise a definition of secure
> > software that is short and sweet, yet accurate and comprehensive.
>
> My favorite is by Ivan Arce, CTO of Core Software, coming out of a
> discussion between him and I on a mailing list about 5 years ago.
>
> Reliable software does what it is supposed to do. Secure software does what
> it is supposed to do, and nothing else.
and what if it's "supposed" to take unsanitzed input and send it into
a sql database using the administrators account?
is that secure?
> Crispin
-- mic
More information about the SC-L
mailing list