From af1ce1e17a3b1ad2b2d9495d0ffcd1838ec1d970 Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Wed, 14 Aug 2024 14:44:33 -0400 Subject: [PATCH 1/3] Reword availability quiz for clarity. Fixes #162 Signed-off-by: David A. Wheeler --- secure_software_development_fundamentals.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md index 43bf999..830e2b5 100644 --- a/secure_software_development_fundamentals.md +++ b/secure_software_development_fundamentals.md 
@@ -391,15 +391,15 @@ untrusted user might be an attacker. #### Quiz 1.2: Security Requirements -\>\>A typical requirement for an Internet-connected service is to stay available regardless of the attacks it undergoes. True or False?<< +\>\>A typical Internet-connected commercial service should try to stay available, but this may be difficult to achieve if the service is the target of a highly-resourced distributed denial-of-service attack (DDoS) by a criminal organization or nation-state. True or False?<< -( ) True +(x) True -(x) False +( ) False [Explanation] -This is false. It would be great if we could ensure that all Internet-connected services could always stay available. But in most cases, if every device in the world connected to the Internet requested a specific service, that service will be unable to handle the load. At some point, attackers with many resources can usually overwhelm the availability of a defender with few resources. +This is true. It would be great if we could guarantee that all Internet-connected services could always stay available. But in most cases, if every device in the world connected to the Internet requested a specific service, that service will be unable to handle the load. At some point, attackers with many resources can usually overwhelm the availability of a defender with few resources. Of course, we should not make it easy for an attacker to take down a system. So instead, any Internet-connected services we build should be able to handle some moderate request rate so that an attacker has to at least commit nontrivial resources. You could do this by designing the system so that it can rapidly scale to large request sizes, and using other services like content delivery networks (CDNs) to harden the system against large loads. In addition, a service can use techniques like rapid recovery so that even if it is taken down by an attack, it can quickly recover when the attack ends. 
From 3bf58ec9e5cbd1e606be6e329260639697205fd0 Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Thu, 22 Aug 2024 17:44:02 -0400 Subject: [PATCH 2/3] Tweak availability question per comments from CRob Clarify availability question. Signed-off-by: David A. Wheeler --- secure_software_development_fundamentals.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md index 830e2b5..b911ef7 100644 --- a/secure_software_development_fundamentals.md +++ b/secure_software_development_fundamentals.md @@ -391,7 +391,7 @@ untrusted user might be an attacker. #### Quiz 1.2: Security Requirements -\>\>A typical Internet-connected commercial service should try to stay available, but this may be difficult to achieve if the service is the target of a highly-resourced distributed denial-of-service attack (DDoS) by a criminal organization or nation-state. True or False?<< +\>\>A typical Internet-connected service should try to stay available, but this may be difficult to achieve if the service is the target of a highly-resourced distributed denial-of-service attack (DDoS). True or False?<< (x) True 
@@ -399,7 +399,7 @@ untrusted user might be an attacker. [Explanation] -This is true. It would be great if we could guarantee that all Internet-connected services could always stay available. But in most cases, if every device in the world connected to the Internet requested a specific service, that service will be unable to handle the load. At some point, attackers with many resources can usually overwhelm the availability of a defender with few resources. +This is true. It would be great if we could ensure that all Internet-connected services could always stay available. But in most cases, if every device in the world connected to the Internet requested a specific service, that service will be unable to handle the load. At some point, attackers with many resources can usually overwhelm the availability of a defender with few resources. Of course, we should not make it easy for an attacker to take down a system. So instead, any Internet-connected services we build should be able to handle some moderate request rate so that an attacker has to at least commit nontrivial resources. You could do this by designing the system so that it can rapidly scale to large request sizes, and using other services like content delivery networks (CDNs) to harden the system against large loads. In addition, a service can use techniques like rapid recovery so that even if it is taken down by an attack, it can quickly recover when the attack ends. From 7cb10ad0c35fc6f298c2979397c9b465093aeab3 Mon Sep 17 00:00:00 2001 From: "David A. Wheeler" Date: Wed, 4 Sep 2024 09:40:31 -0400 Subject: [PATCH 3/3] Move DDoS abbreviation immediately after full phrase Signed-off-by: David A. Wheeler --- secure_software_development_fundamentals.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/secure_software_development_fundamentals.md b/secure_software_development_fundamentals.md index b911ef7..27af520 100644 --- a/secure_software_development_fundamentals.md 
+++ b/secure_software_development_fundamentals.md @@ -391,7 +391,7 @@ untrusted user might be an attacker. #### Quiz 1.2: Security Requirements -\>\>A typical Internet-connected service should try to stay available, but this may be difficult to achieve if the service is the target of a highly-resourced distributed denial-of-service attack (DDoS). True or False?<< +\>\>A typical Internet-connected service should try to stay available, but this may be difficult to achieve if the service is the target of a highly-resourced distributed denial-of-service (DDoS) attack. True or False?<< (x) True
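Review bot: In PATCH 1/3 (hunk at -391,15), the explanation after "This is true." never mentions DDoS, the term the reworded question now introduces, so the answer text does not tie back to what the learner was asked. Consider naming the attack in the sentence that begins "At some point, attackers with many resources", for example by saying that this is what a highly resourced DDoS attack does. The reworded question also joins two claims in one true/false statement ("should try to stay available" and "this may be difficult to achieve"), so a learner who accepts only one of them has no clear choice. In the context paragraph, "rapidly scale to large request sizes" reads as if it means request volume or rate rather than the size of individual requests; since this hunk already touches the explanation, it would be a good place to fix that wording.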
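Review bot: In PATCH 2/3 (second hunk, at -399,7), the only change to the explanation line is "guarantee" back to "ensure", which is the exact word PATCH 1/3 replaced with "guarantee", so across the series that line nets out to only "This is false." becoming "This is true.". Either drop the "guarantee" edit from PATCH 1/3 or squash the two commits so the history does not show a change and its revert. While the line is open, "if every device in the world connected to the Internet requested a specific service, that service will be unable to handle the load" mixes tenses; "would be unable" matches the hypothetical "requested".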
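Review bot: In PATCH 3/3 (hunk at -391,7), the added question line keeps "highly-resourced", where the hyphen after an "-ly" adverb is normally omitted ("highly resourced"). Since this commit is already a wording cleanup of that sentence (moving "(DDoS)" next to the phrase it abbreviates), the hyphen could be dropped in the same change.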