Software Security Philosophy

What is “security”? Well, not in the broad sense, that is, but in software security? What does it mean to develop secure software? What do we understand to fall into the realm of software security?

I will tell you what I mean when I say “software security”. For me, software security means bringing the intent of the original designer to the customer.

This is very simple. The designer had some idea in mind when designing the software. He had some intention for the software to function in a particular way. That mental picture is translated into design, brought over into development, translated into source code, translated into binary, delivered, installed and configured at the customer’s site. And our task is to ensure that what operates now at the customer’s site reflects exactly what the developer had in mind. If it does not, we have a breach of security.

I know that this is a very broad definition and it encompasses many areas traditionally thought to be outside the realm of security. Some people do not like that. But in my view, this is much simpler to act on than to try and define the precise separation of realms.

Take …

Service: cheap, cheapest… cheaper!

I find it disturbing how even the most normal-appearing people are falling for the cheap-cheap-cheap mantra of the day. Take telephone services. My friend, who would always check the quality of everything he buys and make sure that it is of at least a fairly acceptable level, falls for the “we have it cheaper than everyone else” internet and telephony package. The result is very predictable: half a year of wasted time, miserable service, lost money.

Why does this happen? It seems easier to accept the “everything is equal anyway” lie when you cannot assess the quality expertly in advance. It is probably difficult to assess the quality of a used car for a non-specialist, but at least you can see the rust. When you only see the colorful brochures, it becomes near impossible to judge the quality of a future service. And it is, oh, so easy to judge the amount of money you pay.

When you select services next time, remember, it is not only the money you pay. The service you receive should also be taken into account. You are not just paying money, you are paying money for the service. Make sure the service is …

I spent a lot of time recently thinking about toys. Well, it all started not so recently, in fact, but recently this idea that I am toying with is not letting me rest. So I spend more and more time thinking about toys.

If you never noticed, the toys in the shops are somewhat different from what we used to have a good twenty years ago. Drop by some time at the toy shop and have a very good look around just by yourself. Check out the toys. See anything strange? No? Check the material and where they are all made. Maybe that’ll give a clue.

Once, toys were not so abundant. When I grew up, the toys were something very special. You did not even get a toy every birthday, although the parents tried. They were expensive and they were good. And you cherished and wanted them. And they were a pleasure to hold and, oh, so carefully, to play with.

Then the industrial revolution in the toy world happened. First, there came to be many, many more toys and they became cheap. And that was wonderful. Kids could now have all the toys in the world. Well, most …
