Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: Another opinion on using extreme programming for security
From: Kenneth Buchanan (K.BuchananKastenchase.com)
Date: Fri Apr 16 2004 - 16:07:30 CDT
> Even that isn't true. In insecure program that is "broken as designed"
> may be 100% reliable. Not all security flaws are coding errors.
Implicit in this statement is that reliability problems are never a result of poor design?
To clarify what I posted yesterday, I mean that reliability is about software acting as the user expects it to. From that perspective (that is, the user's), software is not really reliable if it is insecure. That's why what I meant by 'subset'.
Rick's earlier point is valid, though. While my assertion may be technically true, it's not useful to think of it that way from a software engineering perspective. Security analysis is different in nature from reliability testing.
I didn't mean to imply otherwise. I was approaching the question of what a user may reasonably expect from software.
- Ken -