[SC-L] "Bumper sticker" definition of secure software
Pascal Meunier
pmeunier at cerias.purdue.edu
Mon Jul 17 17:29:56 EDT 2006
I prefer to define the opposite:
"Insecure Software is like a joke,
Except others laugh at you"
I like it because:
-It captures the notion that vulnerabilities, just like jokes, are very
often made apparent by thinking in a different context from the software's
designers (the straight man).
-It conveys the notion that insecure software is shoddy;
-It conveys the notion that there are people who will find out that you run
insecure software;
-It may motivate some people to care about security by invoking social
stigma ;)
Cheers,
Pascal Meunier
Purdue University CERIAS
On 7/15/06 3:27 PM, "Goertzel Karen" <goertzel_karen at bah.com> wrote:
> I've been struggling for a while to synthesise a definition of secure software
> that is short and sweet, yet accurate and comprehensive. Here's what I've come
> up with:
>
> Secure software is software that remains dependable despite efforts to
> compromise its dependability.
>
> Agree? Disagree?
>
> --
> Karen Mercedes Goertzel, CISSP
> Booz Allen Hamilton
> 703-902-6981
> goertzel_karen at bah.com
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L at securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php