Pages

2011-01-22

no such thing

If I could only... would that make me safe? Is there a recipe for removing or mitigating all risk? Not in life. Not in software. In practice, everyday software is infinitely complex. Foreseeing and countering everything that could go wrong - however desirable - is not realistic. That's why I prefer not to talk about "secure" software. A desirable goal indeed but not within our reach. That'd be promising something we can't deliver. Software security is not absolute. It's about gray-scales and risk.

4 comments:

  1. Kris McCrackenMonday, January 31, 2011 3:44:00 am

    As it is with most things!

    ReplyDelete
  2. stromsjoTuesday, February 01, 2011 9:27:00 pm

    Good point. Even somewhat specialized fields tend to reflect facts of life.

    Thanks, Kris.

    ReplyDelete
  3. tommyWednesday, April 13, 2011 9:37:00 pm

    Strumpan, you might want to consider joining http://groups.google.com/group/sw-dev-musings for some interesting discussions...

    --tole

    ReplyDelete
  4. stromsjoThursday, April 14, 2011 8:19:00 pm

    Ah, yet another social arena to monitor. Hopefully more active than this semi-dormant blog.

    Thanks for the heads up!

    ReplyDelete