For many years in secure coding training, I have used this quote from Gary McGraw: "Software security is the idea of engineering software so that it continues to function correctly under malicious attack."
This simple yet powerful statement encapsulates many of our challenges; however, I have one nit to pick, and it makes our job harder. Our job, in my view, is to engineer software so that it continues to function correctly under attack. Note that I left out "malicious."
Many times we don't care whether the attack was on purpose or accidental. If someone types rm -r and the database is gone, then on many levels intent is not the main issue, both going forward and in avoiding this mistake.
An example I use in training: whether it's an actively malicious attacker or a legitimate employee, say Homer Simpson, falling asleep on his keyboard, if the data is gone, it's gone.
Looks like the latter has happened:
A German bank employee accidentally transferred 222,222,222.222 euros ($295 million) from a customer's account when he fell asleep at his computer. The bank clerk had been attempting to transfer just 62.40 euros ($82.80) for the customer, a pensioner, when he dozed off with a finger on his keyboard's "2" key.
The bank did catch the issue on the backend, but it's a good reminder that threats and threat intent are of secondary importance compared to protecting assets.
This makes our jobs harder because we have to work both to prevent malicious acts and to anticipate mistakes.
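As an added illustration (not part of the original post, and not the bank's actual control), here is the kind of intent-agnostic backend check that would hold the transfer above for review: the same rules run whether the amount came from a dozing clerk or a malicious insider. The limits, field names and the stuck-key heuristic are assumptions for the example.

```python
from dataclasses import dataclass
from decimal import Decimal


@dataclass
class TransferRequest:
    """A transfer as submitted by a teller; all fields are assumed for this example."""
    account_id: str
    amount: Decimal        # value typed at the keyboard
    balance: Decimal       # available funds on the source account
    per_txn_limit: Decimal # hypothetical per-transaction ceiling for this account


def looks_like_stuck_key(amount: Decimal, min_run: int = 6) -> bool:
    """Heuristic: an amount made of one digit repeated min_run+ times (e.g. 222222222.222)."""
    digits = str(amount).replace(".", "")
    return len(digits) >= min_run and len(set(digits)) == 1


def check_transfer(req: TransferRequest) -> list[str]:
    """Return the reasons a transfer must be held for human review; empty means release.

    None of the rules ask who submitted the request or why; they only ask
    whether the asset (the customer's balance) is at risk.
    """
    reasons = []
    if req.amount <= 0:
        reasons.append("non-positive amount")
    # Decimal('62.40').as_tuple().exponent == -2; more decimals than cents is malformed.
    if req.amount.as_tuple().exponent < -2:
        reasons.append("more than two decimal places")
    if req.amount > req.balance:
        reasons.append("exceeds available balance")
    if req.amount > req.per_txn_limit:
        reasons.append("exceeds per-transaction limit")
    if looks_like_stuck_key(req.amount):
        reasons.append("amount looks like a stuck-key repeat")
    return reasons


if __name__ == "__main__":
    # Constructed sample: the intended 62.40 EUR transfer and the runaway one.
    ok = TransferRequest("A1", Decimal("62.40"), Decimal("5000"), Decimal("10000"))
    bad = TransferRequest("A1", Decimal("222222222.222"), Decimal("5000"), Decimal("10000"))
    print("intended:", check_transfer(ok) or "release")
    print("runaway :", check_transfer(bad))
```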
I do agree that assets are the thing we're trying to ultimately protect. However, I think Gary McGraw's use of the word malicious is entirely appropriate.
It captures the idea that we must continue to function correctly when up against someone *intentionally* trying to subvert you, using all means at their disposal. This is simply a higher bar than guarding against honest mistakes.
Posted by: Matt Palmer | June 12, 2013 at 06:15 AM
@Matt - agree that we need to worry about malicious threats and intentional subversion in many cases presents a higher bar.
In addition, there are certain types of damage that can arise from an authenticated, authorized user's misuse.
We can look at the Lost/Stolen scenarios for mobile as an indicator. MDM is widely used to cope with Lost/Stolen threats. But here we see intent: Lost is an accident and Stolen is malice.
Note this is not necessarily at odds with yours, since they may be coerced to take actions on behalf of a malicious actor.
Posted by: gunnar | June 12, 2013 at 09:04 AM