On the brittleness of software and the infeasibility of security metrics

  • Bellovin S
  • 59

    Readers

    Mendeley users who have this article in their library.
  • 49

    Citations

    Citations of this article.

Abstract

How secure is a computer system? Bridges have a load limit, but it isn't determined (as "Calvin and Hobbes" would have it) by building an identical bridge and running trucks over it until it collapses. In a more relevant vein, safes are rated for how long they'll resist attack under given circumstances. Can we do the same for software?

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

Authors

  • Steven M. Bellovin

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free