We need assurance! [assurance of computing quality, reliability, and safety]

Abstract

When will we be secure? Nobody knows for sure - but it cannot happen before commercial security products and services possess not only enough functionality to satisfy customers' stated needs, but also sufficient assurance of quality, reliability, safety, and appropriateness for use. Such assurances are lacking in most of today's commercial security products and services. The author discusses paths to better assurance in operating systems, applications, and hardware through better development environments, requirements definition, systems engineering, quality certification, and legal/regulatory constraints. The author also gave some examples