
Re: Writing Secure code

From: <Valdis.Kletnieks(at)vt.edu>
Date: Fri Dec 27 2002 - 13:03:08 EST

On Fri, 27 Dec 2002 18:16:17 +0530, Rahul Chander Kashyap <rahul@nsecure.net> said:

> And one more thing...<this one might be interesting ;-)> Is it possible
> to write code that is completely secure and not exploitable?

This is just a specific case of the question "Is it possible to write totally bug-free code?" And yes, it's *possible* to write bug-free code. The problem is that it's incredibly difficult to manage the development process in such a way that bugs are totally prevented - remember that humans are writing the code, and humans are.. well... human. ;)

On the flip side, good development practices can probably gain us 2 or maybe even 3 orders of magnitude in security - remember that 98% of security bugs are The Same Dumb Things over and over - so simply not doing those dumb things gets you 2 orders of magnitude right there.

Also, remember that there's some basic economics involved too - if you do a graph:

  |X .           . O     where 'X' is the costs (incident response, cleanup,
C |X  .         .  O     lost sales, downtime, etc) of not being secure, and
O | X  ..     ..  O      'O' is the cost of actually deploying security (this
S |  X   ..$..   O       stuff *does* have real costs - ever had to get 30K
T |   XX       OO        users to change their password on a regular basis?)
  |     XXX OOO          The '.' line is the *sum* of those two, and will have
  |OOOOOOO   XXXXXXX     a minimum value somewhere - I've marked that with a
  +------------------    '$'.  *THAT* is the correct level of security to have.
     SECURITY

What you want is the *minimum total cost of security*. Now, for different applications, the 'X' and 'O' lines have different shapes - if you're securing nuclear launch codes, the 'X' is almost a horizontal (and very high) line - it's very expensive to get hacked no matter what your security is. It makes sense to spend a billion dollars to secure those. On the other hand, it *doesn't* make sense to spend even $200K (and that's not much in development terms - 2 man-years at best) to secure data that's only worth $2K.

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech

Received on Fri Dec 27 14:45:23 2002
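The cost graph in the post above can be turned into a small numerical model. The following is an added example, not code from the original message or its author; every number in it is a constructed assumption. It models the 'X' line as expected loss (asset value times a compromise probability that halves for every HALVING_SPEND dollars spent), the 'O' line as the outlay plus an operational overhead fraction, and then finds the '$' point, the spend level that minimises the sum, both by grid search and in closed form. Running it for a $2K asset and a $1B asset reproduces the post's conclusion that the right level of security depends on what is being protected.

```python
import math

# Constructed parameters for a toy version of the post's cost curves.
# 'X' (cost of not being secure) is modelled as expected loss:
#   asset_value * P(compromise), with P halving every HALVING_SPEND dollars.
# 'O' (cost of deploying security) is the outlay plus an overhead fraction
#   (user friction, password resets, support load).
HALVING_SPEND = 10_000.0   # assumption: each $10K spent halves P(compromise)
OVERHEAD = 0.2             # assumption: 20% ongoing overhead on every security dollar


def breach_cost(spend: float, asset_value: float,
                halving_spend: float = HALVING_SPEND) -> float:
    """The 'X' line: expected loss from being compromised at this spend level."""
    return asset_value * 0.5 ** (spend / halving_spend)


def security_cost(spend: float, overhead: float = OVERHEAD) -> float:
    """The 'O' line: what deploying that level of security actually costs."""
    return spend * (1.0 + overhead)


def total_cost(spend: float, asset_value: float,
               halving_spend: float = HALVING_SPEND,
               overhead: float = OVERHEAD) -> float:
    """The '.' line: sum of the two, which is what we want to minimise."""
    return (breach_cost(spend, asset_value, halving_spend)
            + security_cost(spend, overhead))


def optimal_spend_grid(asset_value: float,
                       halving_spend: float = HALVING_SPEND,
                       overhead: float = OVERHEAD,
                       step: float = 100.0,
                       max_spend: float = 500_000.0) -> tuple:
    """Locate the '$' point by brute force: try every spend level on a grid
    and keep the one with the lowest total cost. Returns (spend, total)."""
    best_spend = 0.0
    best_total = total_cost(0.0, asset_value, halving_spend, overhead)
    spend = step
    while spend <= max_spend:
        t = total_cost(spend, asset_value, halving_spend, overhead)
        if t < best_total:
            best_spend, best_total = spend, t
        spend += step
    return best_spend, best_total


def optimal_spend_closed_form(asset_value: float,
                              halving_spend: float = HALVING_SPEND,
                              overhead: float = OVERHEAD) -> float:
    """Same point analytically. With V = asset value, h = halving spend and
    c = 1 + overhead, the total is V*2^(-s/h) + c*s; setting its derivative
    to zero gives 2^(-s/h) = c*h / (V ln 2), i.e. s = h * log2(V ln 2 / (c h)).
    A negative result means the first security dollar already costs more than
    it saves, so spending nothing is optimal."""
    c = 1.0 + overhead
    s = halving_spend * math.log2(asset_value * math.log(2) / (c * halving_spend))
    return max(0.0, s)


if __name__ == "__main__":
    cases = [("$2K data", 2_000), ("$1M data", 1_000_000),
             ("$1B secrets", 1_000_000_000)]
    for label, value in cases:
        s, t = optimal_spend_grid(value)
        print(f"{label:12s} optimal spend ~${s:>10,.0f}  "
              f"total cost ~${t:>12,.0f}  "
              f"(closed form ${optimal_spend_closed_form(value):,.0f})")
```

With these constructed parameters the $2K asset gets an optimal spend of $0 (the first $100 of security costs more than the expected loss it removes), while the $1B asset's optimum lands around $158K; the exact figures are artefacts of the assumed curves, but the shape of the answer is the post's point: the minimum of the summed curve, not the maximum of the 'O' curve, is the level of security worth having.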

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:44 EDT

