Re: Writing Secure code

Date: 12/27/02

    To: Rahul Chander Kashyap <>
    Date: Fri, 27 Dec 2002 13:03:08 -0500

    On Fri, 27 Dec 2002 18:16:17 +0530, Rahul Chander Kashyap <> said:

    > And one more thing...<this one might be interesting ;-)> Is it possible
    > to write code that is completely secure and not exploitable?

    This is just a specific case of the question "Is it possible to write
    totally bug-free code?" And yes, it's *possible* to write bug-free code.
    The problem is that it's incredibly difficult to manage the development
    process in such a way that bugs are totally prevented - remember that humans
    are writing the code, and humans are.. well... human. ;)

    On the flip side, good development practices can probably gain us 2 or maybe
    even 3 orders of magnitude in security - remember that 98% of security bugs
    are The Same Dumb Things over and over - so simply not doing those dumb
    things gets you 2 orders of magnitude right there.

    Also, remember that there's some basic economics involved too - if you do
    a graph:

      |X   .       .   O     where 'X' is the costs (incident response, cleanup,
    C |X    .     .    O     lost sales, downtime, etc) of not being secure, and
    O | X   ..   ..   O      'O' is the cost of actually deploying security (this
    S |  X   ..$..   O       stuff *does* have real costs - ever had to get 30K
    T |   XX        OO       users to change their password on a regular basis?)
      |     XXX OOO          The '.' line is the *sum* of those two, and will have
      |OOOOOOO XXXXXXX       a minimum value somewhere - I've marked that with a
      +------------------    '$'. *THAT* is the correct level of security to have.

    What you want is the *minimum total cost of security*. Now, for different
    applications, the 'X' and 'O' lines have different shapes - if you're securing
    nuclear launch codes, the 'X' is almost a horizontal (and very high) line -
    it's very expensive to get hacked no matter what your security is. It makes
    sense to spend a billion dollars to secure those. On the other hand, it
    *doesn't* make sense to spend even $200K (and that's not much in development
    terms - 2 man-years at best) to secure data that's only worth $2K.

    				Valdis Kletnieks
    				Computer Systems Senior Engineer
    				Virginia Tech
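
    As an added illustration of the cost curve sketched in the message above (example code written for this page, not part of the original thread), the model below gives the two curves a constructed shape: the expected loss from not being secure is X(s) = L * exp(-s / k), falling as security spend s rises, and the cost of deploying security is O(s) = s. Under those assumptions the minimum of the '.' line has a closed form, s* = k * ln(L / k) clamped at zero, and the "$200K to protect $2K" case falls out as "spend nothing". The exponential shape, the constant k and every function name here are assumptions for the example, not anything stated in the thread.

```python
import math


def breach_cost(spend, loss_if_breached, k):
    """X(s): expected cost of *not* being secure at security spend s.

    Assumed shape (constructed for this example): the loss a breach would
    cause, scaled by a residual probability exp(-s/k). k is the spend that
    cuts the residual risk by a factor of e (~63%).
    """
    return loss_if_breached * math.exp(-spend / k)


def deploy_cost(spend):
    """O(s): cost of actually deploying security. Taken as the spend itself."""
    return spend


def total_cost(spend, loss_if_breached, k):
    """The '.' line in the graph: X(s) + O(s)."""
    return breach_cost(spend, loss_if_breached, k) + deploy_cost(spend)


def optimal_spend_analytic(loss_if_breached, k):
    """The '$' point: minimum of total_cost in closed form.

    d/ds [L e^{-s/k} + s] = 1 - (L/k) e^{-s/k} = 0  ->  s* = k ln(L/k).
    If L <= k the derivative is already positive at s = 0, so the minimum
    is at zero: the data is not worth securing at all under this model.
    """
    if loss_if_breached <= k:
        return 0.0
    return k * math.log(loss_if_breached / k)


def optimal_spend_grid(loss_if_breached, k, max_spend, step):
    """Brute-force scan of the '.' line, for shapes with no closed form.

    Returns (spend, total_cost) at the cheapest grid point.
    """
    best_s = 0.0
    best_t = total_cost(0.0, loss_if_breached, k)
    for i in range(1, int(max_spend / step) + 1):
        s = i * step
        t = total_cost(s, loss_if_breached, k)
        if t < best_t:
            best_s, best_t = s, t
    return best_s, best_t


def worth_spending(proposed_spend, loss_if_breached, k):
    """True if spending `proposed_spend` lowers the total below spending nothing."""
    return total_cost(proposed_spend, loss_if_breached, k) < total_cost(
        0.0, loss_if_breached, k
    )


if __name__ == "__main__":
    K = 50_000  # assumed: $50K of engineering cuts residual risk by ~63%

    # The two cases from the message, with constructed dollar figures.
    for label, loss in (("data worth $2K", 2_000), ("launch codes", 1e9)):
        s_star = optimal_spend_analytic(loss, K)
        s_grid, t_grid = optimal_spend_grid(loss, K, 2_000_000, 1_000)
        print(f"{label}: optimum spend ~${s_star:,.0f} "
              f"(grid: ${s_grid:,.0f}, total ${t_grid:,.0f})")

    # $200K to secure $2K of data never pays back under this model.
    print("spend $200K on $2K data?", worth_spending(200_000, 2_000, K))
```

The shapes are the only moving part: the post's "almost horizontal, very high X" for launch codes is a large L, and a flat X pushes s* to the right, while a tiny L puts s* at zero. Swap in whatever curves fit a real system and keep the grid scan, which needs no calculus.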
