Shostack + Friends Blog Archive


Reliability and Security

However, Engler thinks the security explanation should be taken with a grain of salt. His research in the late 1990s aimed to improve the reliability of software. Security analysis was part of the story, he says, but “basically, we just didn’t want stuff to crash.”

(writes Jon Udell in Infoworld.) But Crispin Cowan has a different take, which is that while related, reliability techniques don’t always work for security. That’s because random faults can be addressed by redundancy, but security flaws, induced by attackers, need different protections. Read his book chapter for the details. (PDF)