Issue No. 04 - July/August (2006 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.101
Steven M. Bellovin , Columbia University
How secure is a computer system? Bridges have a load limit, but it isn't determined (as "Calvin and Hobbes" would have it) by building an identical bridge and running trucks over it until it collapses. In a more relevant vein, safes are rated for how long they'll resist attack under given circumstances. Can we do the same for software?
security, software, defense systems, defense
S. M. Bellovin, "On the Brittleness of Software and the Infeasibility of Security Metrics," in IEEE Security & Privacy, vol. 4, no. , pp. 96, 2006.