SecurityFocus

Writing Secure code Dec 27 2002 12:46PM
Rahul Chander Kashyap (rahul nsecure net) (6 replies)

Re: Writing Secure code Dec 28 2002 03:36AM
K K Mookhey (cto nii co in)

Re: Writing Secure code Dec 27 2002 11:16PM
Bob Bruen (coldrain sover net)

Re: Writing Secure code Dec 27 2002 06:17PM
Dana Epp (dana vulscan com)

Re: Writing Secure code Dec 27 2002 06:03PM
Valdis Kletnieks vt edu (2 replies)

On Fri, 27 Dec 2002 18:16:17 +0530, Rahul Chander Kashyap <rahul (at) nsecure (dot) net [email concealed]> said:

> And one more thing...<this one might be intresting ;-)> Is it possible
> to write code that is completely secure and not exploitable?

This is just a specific case of the question "Is it possible to write
totally bug-free code"? And yes, it's *possible* to write bug-free code.
The problem is that it's incredibly difficult to manage the development
process in such a way that bugs are totally prevented - remember that humans
are writing the code, and humans are.. well... human. ;)

On the flip side, good development practices can probably gain us 2 or maybe
even 3 orders of magnitude in security - remember that 98% of security bugs
are The Same Dumb Things over and over - so simply not doing those dumb
things gets you 2 orders of magnitude right there.

Also, remember that there's some basic economics involved too - if you do
a graph:

|X . . O where 'X' is the costs (incident response, cleanup,
C |X . . O lost sales, downtime, etc) of not being secure, and
O | X .. .. O 'O' is the cost of actually deploying security (this
S | X ..$.. O stuff *does* have real costs - ever had to get 30K
T | XX OO users to change their password on a regular basis?)
| XXX OOO The '.' line is the *sum* of those two, and will have
|OOOOOOO XXXXXXX a minimum value somewhere - I've marked that with a
+------------------ '$'. *THAT* is the correct level of security to have.
SECURITY

What you want is the *minimum total cost of security*. Now, for different
applications, the 'X' and 'O' lines have different shapes - if you're securing
nuclear launch codes, the 'X' is almost a horizontal (and very high) line -
it's very expensive to get hacked no matter what your security is. It makes
sense to spend a billion dollars to secure those. On the other hand, it
*doesnt* make sense to spend even $200K (and that's not much in development
terms - 2 man-years at best) to secure data that's only worth $2K.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech

[ reply ]

Re: Writing Secure code Dec 28 2002 07:40AM
Glynn Clements (glynn clements virgin net) (2 replies)

Re: Writing Secure code Dec 29 2002 12:35AM
Cesar (cesarc56 yahoo com)

Re: Writing Secure code Dec 28 2002 07:04PM
Crispin Cowan (crispin wirex com)

RE: Writing Secure code Dec 27 2002 08:51PM
Roger Alexander (rta cs colostate edu) (1 replies)

RE: Writing Secure code Dec 30 2002 12:41PM
Matt McClellan (mmcclellan nfr com) (2 replies)

RE: Writing Secure code Jan 01 2003 02:46AM
peleus (peleus peleus net) (1 replies)

RE: Writing Secure code Jan 03 2003 04:36AM
Timo Sirainen (tss iki fi)

Re: Writing Secure code[update] Dec 31 2002 10:20AM
Rahul Chander Kashyap (rahul nsecure net) (2 replies)

Re: Writing Secure code[update] Jan 01 2003 12:21PM
K K Mookhey (cto nii co in) (2 replies)

Re: Writing Secure code[update] Jan 04 2003 12:31AM
Warwick Molloy (wmolloy optushome com au)

Re: Writing Secure code[update] Jan 02 2003 11:55PM
Alex Russell (alex netWindows org)

Re: Writing Secure code[update] Dec 31 2002 08:28PM
Crispin Cowan (crispin wirex com)

RE: Writing Secure code Dec 27 2002 05:46PM
Jeremy Epstein (jepstein webmethods com) (1 replies)

Re: Writing Secure code Dec 27 2002 08:50PM
Valdis Kletnieks vt edu

Re: Writing Secure code Dec 27 2002 05:43PM
John Viega (viega list org) (2 replies)

Re: Writing Secure code Dec 27 2002 09:54PM
Alex Russell (alex netWindows org) (1 replies)

Re: Writing Secure code Dec 27 2002 08:57PM
John Viega (viega list org)

RE: Writing Secure code Dec 27 2002 08:59PM
Matt McClellan (mcc nfr com) (1 replies)

Re: Writing Secure code Dec 27 2002 09:06PM
John Viega (viega list org)