Schneier's conclusion is absolutely correct. The only safe system is powered down and disconneced, but then it is useless.
Security is the process of managing the tradeoffs between risk and use.
Even so, the difficulty of finding bugs doesn't excuse much of the schlocky v1.0 stuff that gets sold.
There exist software engineering models that, if used, can improve the quality end products. For example, look here.
Also, the FAA has a particularly onerous protocol for use in developing real time life critical software.
Slashdot Mirror
It won't make it to trial. Someone will get paid off.
Is my cynicism showing?
This site hasn't been updated recently, but has many great examples of what not to do.
Schneier's conclusion is absolutely correct. The only safe system is powered down and disconneced, but then it is useless. Security is the process of managing the tradeoffs between risk and use.
Even so, the difficulty of finding bugs doesn't excuse much of the schlocky v1.0 stuff that gets sold.
There exist software engineering models that, if used, can improve the quality end products. For example, look here.
Also, the FAA has a particularly onerous protocol for use in developing real time life critical software.
It's now k$50+, but the reserve still hasn't been met. Where did he set the reserve, 7 figures? 8?
It seems Halifax, NS has banned scents. See: The Smell Test in The Boston Globe 2000/5/26