More on Snow's Assurance Paper
This is a follow-up to Gunnar Peterson’s comments on “Epstein, Snow and Flake: Three Views of Software Security.” His comments are in an update to the original post, “The Road to Assurance”:
None of these views, by themselves, are adequate. The combination of horizontal and vertical views is what yields the most accurate picture. Obviously, iteration is the only way to work towards that. Adam’s brilliant suggestion? OODA Loops.
I think there’s some misunderstanding here. First, I don’t understand what Gunnar means by ‘horizontal’ and ‘vertical’ views. Second, I’m not actually suggesting OODA loops as a means of advancing. Being intelligent about our choice of things to observe and how to interpret our observations is essential, and much harder than it seems.
A project I’m working on has an aspect I call “the jell-o slicing problem.” That is, there are lots of valid ways to slice jell-o. None of them are obviously more valid than all the others, but many of them are obviously more valid than some others. Some of the original project descriptions were broad and aspired to really great things. Things that we’ve been meaning to get to for quite some time.
Choosing what to observe and how to measure those observations is causing us much grief.
I think there is probably a simple set of things that we can look at to increase assurance. I think most people probably think so, and when we start digging in, in forums like “build security in” and the NIST/DHS SAMATE project, we realize just how divergent, chaotic, and different our views are.
As I finish this, I see that Gunnar has another article, “Assurance Techniques Review.” I’ll respond in a bit.