[langsec-discuss] composability

dan at geer.org dan at geer.org
Sat Jan 9 02:19:50 UTC 2016


So far as I know, security is not composable, which is to say
that there is no reason to expect that the connection of N>1
known-secure components is itself secure in the aggregate.

But as an honest question, could or would the broad deployment
of LANGSEC diligence help with that problem of composability?
My intuition is "yes, it could or would help" but it is only
intuition, not a deduction.

Were it possible to persuasively show that diligent LANGSEC
work would help with composability, then the demand for that
diligence might grow quite strong.

Thinking out loud,

--dan



More information about the langsec-discuss mailing list