On the Brittleness of Software and the Infeasibility of Security Metrics

Bellovin, Steven Michael

How secure is a computer system? Bridges have a load limit, but it isn't determined (as "Calvin and Hobbes" would have it) by building an identical bridge and running trucks over it until it collapses. In a more relevant vein, safes are rated for how long they'll resist attack under given circumstances. Can we do the same for software?

Also Published In

Title: IEEE Security & Privacy
DOI: https://doi.org/10.1109/MSP.2006.101

More About This Work

Academic Units: Computer Science
Published Here: June 29, 2010