'Unbreakable' was a stretch, 'Rugged' more attainable

CSO Senior Editor Bill Brenner on why the Rugged Software initiative is a big step forward in the quest for cybersecurity.

By Bill Brenner, Senior Editor

May 18, 2010, CSO

When Oracle launched its "Unbreakable" marketing campaign almost a decade ago, the idea was never to suggest its software could never fall victim to vulnerabilities and exploits. It was more a statement about being committed to the goal of making it unbreakable.

But when it used that word, expectations were raised to a level no software maker could meet.

People take words quite seriously in the security industry, and unbreakable meant it could not be broken. So in the years that followed, when tons of vulnerabilities were uncovered by the likes of researcher David Litchfield, Oracle suffered a reputational blow. To its credit, the database giant has worked feverishly to do better. Under the leadership of CSO Mary Ann Davidson, Oracle has put a rigorous security assurance program in place.

But the word "Unbreakable" still troubles the ears, because in my experience ANY piece of technology can be broken if someone is determined enough to make it happen. It's like a wise uncle once told me when our house was broken into despite the security system my father had installed: "If someone wants to get in, they're going to get in."

I'm much more comfortable with another word: Rugged.

Rugged doesn't mean it can never be busted. It does imply a toughness that's a lot better than what came before.

That's why I like the Rugged Software initiative founded by 451 Group Enterprise Security Practice Research Director Joshua Corman, Monterey Group Executive Director David Rice and Aspect Security CEO Jeff Williams.

When launching the initiative, the trio released what they call the Rugged Software Manifesto:

  • I am rugged and, more importantly, my code is rugged.
  • I recognize that software has become a foundation of our modern world.
  • I recognize the awesome responsibility that comes with this foundational role.
  • I recognize that my code will be used in ways I cannot anticipate, in ways it was not designed, and for longer than it was ever intended.
  • I recognize that my code will be attacked by talented and persistent adversaries who threaten our physical, economic, and national security.
  • I recognize these things - and I choose to be rugged.
  • I am rugged because I refuse to be a source of vulnerability or weakness.
  • I am rugged because I assure my code will support its mission.
  • I am rugged because my code can face these challenges and persist in spite of them.
  • I am rugged, not because it is easy, but because it is necessary and I am up for the challenge.
