Main Menu

Daily using/supporting

Get Firefox browser!
Get Thunderbird!
Get Opera browser!
Get The Gimp!
Get Inkscape!
Get LibreOffice!
Get Videolan!
Get Linux!
Get Mandriva!
Get Joomla!
Hacker Emblem

Popular Tags

Archives

Which topics would you like us to cover more?

Latest comments

Latest tweets

about 1 day ago Using REDIPS.drag to add drag and drop to your .Net webapplication #li #dib0 http://t.co/n8zY3s7d
about 7 days ago http://t.co/cknQcDbo #Kindle
about 15 days ago Freedom isn't the ability to choose what to do or say, but the ability to choose what not to do or say #freedom
about 29 days ago http://t.co/61KTQknI #Kindle
12 Apr 2012 Force the use of a networking adapter using C# #li #dib0 http://t.co/ZTJOPzOz
9 Apr 2012 http://t.co/k9yliR2t #Kindle
9 Apr 2012 Mandriva 2010.2 and USB devices in Virtualbox http://t.co/fwq9gbHB
9 Apr 2012 Execute a http request to you own site with PHP http://t.co/DIvWPrpd
Twitter
Prev Next
Home Architecture, security and coding Security is a quality attribute
Security is a quality attribute
Written by Division by Zero   
Monday, 12 April 2010 09:20

On 25 march Valissa commented on my article "The security dilemma revisited". The comment is:

"Ok let's think aloud. thinking from the perspective of a customer I ask myself why should I need security, what are the benefits for me?
I can only see disadvantages like costs, time and it's difficult to understand"

If I summarize this it would be: "Customers don't want security, they want quality". This is true. Customers (our business) don't want security.

Think about it. If you buy a house, you don't want locks. Locks limit your freedom to freely walk in and out of your house and they are in the way if your door is locked and you carry bags in both of your hands. What you want if live in this house comfortably. What you also want is to let some people in to your house and other people, especially the ones you don't know and in the middle of the night, out. So you put up with the disadvantages of locks, because locks give us more comfort than discomfort.

Reading the ISO 9126 standard for software quality, security is a quality attribute under functionality. Our job is to implement security like this: it has to give more comfort than discomfort. Only that way user will put up with the security functionality.

As said: customers don't want security just as we (software specialists) don't want locks on our doors. But what do customers want? We often (and should!) base our security measures on CIA: Confidentiality, Integrity and Availability. Herein lies what a customer want. How well protected must the data be and what is the risk I'm willing to take. How important is it to me that no-one is able to tamper the data or what level of tampering isn't that bad? And when and where should the data be available to me and to my clients and what is the risk when it's not available?

The conclusion is that if you want to deliver a quality software product, security must be an aspect of this quality.

Tags:

Related Articles
 

Add comment


Security code
Refresh

If the human brain was simple enough for us to understand we'd be so simple we couldn't understand. - Unknown


© 2009 - 2012, Division by Zero

Template based on the empire template by joomlashack 

Valid XHTML 1.0 Strict  Valid CSS!  Creative Commons License
This work by Division by Zero is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Netherlands License.