2011-01-22

no such thing

If I could only... would that make me safe? Is there a recipe for removing or mitigating all risk? Not in life. Not in software. In practice, everyday software is infinitely complex. Foreseeing and countering everything that could go wrong - however desirable - is not realistic. That's why I prefer not to talk about "secure" software. A desirable goal indeed but not within our reach. That'd be promising something we can't deliver. Software security is not absolute. It's about gray-scales and risk.

4 comments:

Kris said...

As it is with most things!

Per Stromsjo said...

Good point. Even somewhat specialized fields tend to reflect facts of life.

Thanks, Kris.

tommy said...

Strumpan, you might want to consider joining http://groups.google.com/group/sw-dev-musings for some interesting discussions...

--tole

Per Stromsjo said...

Ah, yet another social arena to monitor. Hopefully more active than this semi-dormant blog.

Thanks for the heads up!

last chance...

20190817