Re: What is a security bug?

To: Florian Weimer <fw@deneb.enyo.de>
Cc: debian-security@lists.debian.org
Subject: Re: What is a security bug?
From: Noah Meyerhans <noahm@debian.org>
Date: Wed, 23 Nov 2005 11:44:27 -0500
Message-id: <[🔎] 20051123164427.GN21833@morgul.net>
Mail-followup-to: Noah Meyerhans <noahm@debian.org>, Florian Weimer <fw@deneb.enyo.de>, debian-security@lists.debian.org
In-reply-to: <[🔎] 87hda3r2wp.fsf@mid.deneb.enyo.de>
References: <[🔎] 5B97FFB7F28E3E4294B049C968CBF47BE46E1B@SERVER-EX02A.INTERN.BBNED.NL> <[🔎] 87hda3r2wp.fsf@mid.deneb.enyo.de>

On Wed, Nov 23, 2005 at 12:59:02PM +0100, Florian Weimer wrote:
> Availability is typically considered one aspect of security (and
> arguably the hardest one to get right in networked applications).

I tend to consider it the other way around.  Security is a subset of
availability.  Availability must also take in to account things like
hardware failures, network problems, software configuration, etc.  It
also must account for security.  As a sysadmin, my primary interest is
not in the security of my services (if it was, I'd unplug them all!),
but in the availability.  Because security is one aspect of
availability, I must account for it when designing and maintaining
systems, but it can't be the ultimate goal, since a truly secure system
provides no availability.

noah

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: What is a security bug?
  - From: Florian Weimer <fw@deneb.enyo.de>

References:
- RE: What is a security bug?
  - From: "Jasper Filon" <jasper.filon@bbned.nl>
- Re: What is a security bug?
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: What is a security bug?
Next by Date: Re: What is a security bug?
Previous by thread: Re: What is a security bug?
Next by thread: Re: What is a security bug?
Index(es):
- Date
- Thread