11. Standards, Compliance, and Testing

Let's assume that you've used the tools and techniques mentioned throughout this book so far to try to build a secure system or that someone has handed you an allegedly secure system. How do you know that the system is safe? How safe is it really? What we'd really like to know is: How likely is it that the system will get into an unsafe state either by accident or by malice? Whether one is a vendor, an implementer, an administrator, or a customer, these questions are critically important.

It would be ideal if we could map the entire state space of our system and then look for system paths that lead to unsafe states; we could then simply avoid such paths. The complexity of modern software makes such a task ...
