Issue No.04 - July/August (2006 vol.4)
Steven M. Bellovin , Columbia University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.101
How secure is a computer system? Bridges have a load limit, but it isn't determined (as "Calvin and Hobbes" would have it) by building an identical bridge and running trucks over it until it collapses. In a more relevant vein, safes are rated for how long they'll resist attack under given circumstances. Can we do the same for software?
security, software, defense systems, defense
Steven M. Bellovin, "On the Brittleness of Software and the Infeasibility of Security Metrics", IEEE Security & Privacy, vol.4, no. 4, pp. 96, July/August 2006, doi:10.1109/MSP.2006.101