
Statement is 100% correct but misses the entire point - BerislavLopac
http://nibblestew.blogspot.com/2020/04/your-statement-is-100-correct-but.html
======
karlicoss
Regarding the security point specifically: it would be nice if there were more
rigorous frameworks for reasoning about such things (instead of anecdata).

E.g. “How do I take into account, model and parameterize all possible attack
vectors, including NASA or random hackers”

Maybe there are and I'm just not aware of them? How do security professionals
reason about the risk?

~~~
pjmlp
For starters using security modelling tools or standards like MISRA-C,
AUTOSAR, Frama-C, Microsoft SAL, Z3, CERT, OWASP.

Some of them allow for mechanical validation tools, for example
[https://www.qa-systems.com/tools/qa-misra/](https://www.qa-systems.com/tools/qa-misra/)

Then there are others which are checklist based on all the things that a
secure deployment should take into account.

Stuff like one separate account per daemon process, each process sandboxed to
the data it requires, no direct root access from outside, and so forth.
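As an added illustration (not part of the thread), a small checker that reads a systemd service unit and reports which of the checklist items above it fails: a dedicated account instead of root, and a filesystem sandbox limited to the data the daemon needs. The directive names are real systemd ones; the two unit texts and the `/usr/bin/mydaemon` path are constructed samples.

```python
# Audit a systemd [Service] section against two items of the deployment
# checklist: "one separate account per daemon" and "sandboxed to the data it
# requires". Unit texts below are constructed samples, not real services.

WEAK_UNIT = """
[Service]
ExecStart=/usr/bin/mydaemon
"""

HARDENED_UNIT = """
[Service]
ExecStart=/usr/bin/mydaemon
User=mydaemon
ProtectSystem=strict
ReadWritePaths=/var/lib/mydaemon
ProtectHome=yes
PrivateTmp=yes
NoNewPrivileges=yes
"""

TRUE = ("yes", "true", "1")


def parse_service_section(text):
    """Return {directive: value} for the [Service] section of a unit file."""
    section, directives = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            directives[key.strip()] = value.strip()
    return directives


def audit(text):
    """Return the checklist items the unit fails (empty list means it passes)."""
    d = parse_service_section(text)
    failures = []
    # Separate account: with no User= (and no DynamicUser=) systemd runs it as root.
    if d.get("User", "root") == "root" and d.get("DynamicUser", "no") not in TRUE:
        failures.append("runs as root: set User= to a dedicated account or DynamicUser=yes")
    # Sandboxed to its data: read-only OS tree plus an explicit writable allow-list.
    if d.get("ProtectSystem") not in ("strict", "full") + TRUE:
        failures.append("OS tree writable: set ProtectSystem=strict and list ReadWritePaths=")
    if d.get("ProtectSystem") == "strict" and "ReadWritePaths" not in d:
        failures.append("ProtectSystem=strict with no ReadWritePaths=: daemon cannot persist data")
    if d.get("ProtectHome", "no") not in TRUE + ("read-only", "tmpfs"):
        failures.append("home directories reachable: set ProtectHome=yes")
    if d.get("PrivateTmp", "no") not in TRUE:
        failures.append("shares /tmp with other services: set PrivateTmp=yes")
    # Keeps the sandbox meaningful: no setuid path back to root.
    if d.get("NoNewPrivileges", "no") not in TRUE:
        failures.append("can regain privileges via setuid: set NoNewPrivileges=yes")
    return failures


if __name__ == "__main__":
    for name, unit in (("weak", WEAK_UNIT), ("hardened", HARDENED_UNIT)):
        print(name, audit(unit) or ["ok"])
```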

