2011-01-22

no such thing

If I could only... would that make me safe? Is there a recipe for removing or mitigating all risk? Not in life. Not in software. In practice, everyday software is infinitely complex. Foreseeing and countering everything that could go wrong - however desirable - is not realistic. That's why I prefer not to talk about "secure" software. A desirable goal indeed but not within our reach. That'd be promising something we can't deliver. Software security is not absolute. It's about gray-scales and risk.

4 comments:

Kris McCracken said...

As it is with most things!

stromsjo said...

Good point. Even somewhat specialized fields tend to reflect facts of life.

Thanks, Kris.

tommy said...

Strumpan, you might want to consider joining http://groups.google.com/group/sw-dev-musings for some interesting discussions...

--tole

stromsjo said...

Ah, yet another social arena to monitor. Hopefully more active than this semi-dormant blog.

Thanks for the heads up!

20241010