Re: thoughts on kernel security issues

From: Marcin Dalecki
Date: Fri Jan 14 2005 - 21:59:18 EST

Next message: David Dyck: "Re: Linux 2.4.29-rc2"
Previous message: H. Peter Anvin: "Re: chasing the four level page table"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Arjan van de Ven: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2005-01-15, at 01:34, Alan Cox wrote:

Its also about -risk- levels and the sum of risk to all parties
involved.

Rather "Its also about price levels and the sum of costs to all parties involved."

For example if you share the costs of 5000 lines of code with millions of people
you can afford to pay the costs of developing them in a way which really assures safety.
Think about the software controlling a servo motor in your car...

You can't neglect economics when thinking about security issues, because
costs are the "metric" of this "space". If you don't like dollars just think about an even more
precise currency you have to pay with anyway: developer time.

Its simply expensive to develop well working code. And on the other hand buggy code is not bad in itself. Its just that cheap...

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Dyck: "Re: Linux 2.4.29-rc2"
Previous message: H. Peter Anvin: "Re: chasing the four level page table"
In reply to: Alan Cox: "Re: thoughts on kernel security issues"
Next in thread: Arjan van de Ven: "Re: thoughts on kernel security issues"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]