On Friday 27 December 2002 11:43, John Viega wrote:
> Of course it's possible to write something that's not exploitable.
As an unqualified statement, this is patently false. If you had said that
given a fixed environment, it's possible to develop an application that
provides protection from circumvention of well defined security
restrictions against a certain type of attack or attacker, then I might
take it seriously. Until then, you're just furthering the myth of
attainable total security (e.g., is survivability in thermonuclear war a
requirement of your app? is that appropriate? if your app fails in this
case, has it been "exploited" or DoS'd or is that an accepted failure
scenario?).
> For example, I've seen
Secure design can often compartmentalize enough to handle a changing
environment, but it's something of a desirable side effect of good design,
not a strong property. Change the environment enough (or change
abstractions that authors don't question, like the remote filesystem), and
anything will break. How it breaks is the important question, and something
I don't think we spend enough time discussing over the incessant din of
those looking for a security silver bullet.
--
Alex Russell
alex@netWindows.org
alex@SecurePipe.com
Received on Fri Dec 27 22:34:06 2002