The slides from OWASP Europe are now available online. I would like to point out this idea from Jeff Williams regarding a minimum standard of health information for software. Kinda says it all...
Are you familiar with my Pure Software Act of 2006 proposal? It's significantly more workable.
Posted by: Simson L. Garfinkel | April 26, 2005 at 10:36 PM
The Pure Software Act is a very interesting idea. It would be a huge advantage for consumers to know if they are installing software that is phishable, for instance. The difference between the two concepts, as far as I can tell, is that in Jeff's approach the listing contains known vulnerabilities and countermeasures (information that is valuable to technical people), whereas the Pure Software Act provides labels that help consumers make decisions. It would seem that there is room for both in the metaverse, no?
Posted by: Gunnar | April 27, 2005 at 09:13 AM
The key difference between this approach and the approach that I put forth in the Pure Software Act is that this approach labels potential attacks and vulnerabilities of which the author of the software might not be aware. On the other hand, the Pure Software approach has authors label functionality that was both intentionally placed into the software, and which causes the software to operate in a manner that is unexpected.
This approach is humorous and points out a real problem---poor software quality. My approach is a credible solution to the problem of spyware.
Posted by: Simson L. Garfinkel | April 30, 2005 at 09:57 AM