Re: Writing Secure code
From: Valdis.Kletnieks@vt.edu
Date: 12/27/02
- Previous message: Jeremy Epstein: "RE: Writing Secure code"
- In reply to: Rahul Chander Kashyap: "Writing Secure code"
- Next in thread: Roger Alexander: "RE: Writing Secure code"
- Reply: Roger Alexander: "RE: Writing Secure code"
- Reply: Glynn Clements: "Re: Writing Secure code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Rahul Chander Kashyap <rahul@nsecure.net> From: Valdis.Kletnieks@vt.edu Date: Fri, 27 Dec 2002 13:03:08 -0500
On Fri, 27 Dec 2002 18:16:17 +0530, Rahul Chander Kashyap <rahul@nsecure.net> said:
> And one more thing...<this one might be intresting ;-)> Is it possible
> to write code that is completely secure and not exploitable?
This is just a specific case of the question "Is it possible to write
totally bug-free code"? And yes, it's *possible* to write bug-free code.
The problem is that it's incredibly difficult to manage the development
process in such a way that bugs are totally prevented - remember that humans
are writing the code, and humans are.. well... human. ;)
On the flip side, good development practices can probably gain us 2 or maybe
even 3 orders of magnitude in security - remember that 98% of security bugs
are The Same Dumb Things over and over - so simply not doing those dumb
things gets you 2 orders of magnitude right there.
Also, remember that there's some basic economics involved too - if you do
a graph:
|X . . O where 'X' is the costs (incident response, cleanup,
C |X . . O lost sales, downtime, etc) of not being secure, and
O | X .. .. O 'O' is the cost of actually deploying security (this
S | X ..$.. O stuff *does* have real costs - ever had to get 30K
T | XX OO users to change their password on a regular basis?)
| XXX OOO The '.' line is the *sum* of those two, and will have
|OOOOOOO XXXXXXX a minimum value somewhere - I've marked that with a
+------------------ '$'. *THAT* is the correct level of security to have.
SECURITY
What you want is the *minimum total cost of security*. Now, for different
applications, the 'X' and 'O' lines have different shapes - if you're securing
nuclear launch codes, the 'X' is almost a horizontal (and very high) line -
it's very expensive to get hacked no matter what your security is. It makes
sense to spend a billion dollars to secure those. On the other hand, it
*doesnt* make sense to spend even $200K (and that's not much in development
terms - 2 man-years at best) to secure data that's only worth $2K.
-- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
- application/pgp-signature attachment: stored
- Next message: Alex Russell: "Re: Writing Secure code"
- Previous message: Jeremy Epstein: "RE: Writing Secure code"
- In reply to: Rahul Chander Kashyap: "Writing Secure code"
- Next in thread: Roger Alexander: "RE: Writing Secure code"
- Reply: Roger Alexander: "RE: Writing Secure code"
- Reply: Glynn Clements: "Re: Writing Secure code"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
