CHAPTER 28 Assurance and Sustainability

There are two ways of constructing a software design. One way is to make it so simple that there are obviously no deficiencies. And the other way is to make it so complicated that there are no obvious deficiencies.

– TONY HOARE

Security engineers are the litigation lawyers of tech. We only get paid when something is wrong and we can always find something wrong.

– DAVE WESTON

To improve is to change; to be perfect is to change often.

– WINSTON CHURCHILL

28.1 Introduction

I've covered a lot of material in this book, some of it quite tricky. But I've left the hardest parts to the last. First, there's the question of assurance – whether the system will work, and how you're sure of this. Next, there's its cousin compliance – how you satisfy other people about this. Finally, there's sustainability – how long it will keep on working. Many practical questions are linked to these. How do you decide to ship the product? How do you sell the security and safety case to your insurers? How long are you going to have to maintain it, and at what cost?

What's new in 2020 is sustainability. In the 2008 edition, I called this chapter ‘Evaluation and Assurance’, and ended up by remarking that sound processes for vulnerability disclosure and product update were beginning to be as important as pre-market testing. The emphasis back then was on testing and evaluation schemes like the Common Criteria. That world is now moribund: the idea that a device ...
