Intro
- error: a mistake made by a human
- bug/vulnerability: consequence of an error
- when the bug is triggered/exploited, it generates a security failure
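
The chain above, as an added C example (not part of the original notes): a human error in a length check creates a bug, and an input of exactly 8 characters triggers it, modifying a field the input should never touch. The record layout, role values and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record layout: 8 bytes of name, then 1 byte of role. */
enum { NAME_LEN = 8, ROLE_OFF = 8, REC_LEN = 9 };
enum { ROLE_ADMIN = 0, ROLE_USER = 1 };

/* ERROR (made by a human): "<=" was written where "<" was meant, so an
 * 8-character name is accepted although its terminator needs a 9th byte. */
int set_name_buggy(unsigned char rec[REC_LEN], const char *name)
{
    size_t n = strlen(name);
    if (n <= NAME_LEN) {        /* the error */
        memcpy(rec, name, n);
        rec[n] = '\0';          /* BUG: for n == 8 this writes rec[ROLE_OFF] */
        return 0;
    }
    return -1;
}

/* Corrected check: leave room for the terminator inside the name field. */
int set_name_fixed(unsigned char rec[REC_LEN], const char *name)
{
    size_t n = strlen(name);
    if (n < NAME_LEN) {
        memcpy(rec, name, n);
        rec[n] = '\0';
        return 0;
    }
    return -1;                  /* too long: record left untouched */
}

/* Start from a fresh ROLE_USER record, apply `setter`, return the role byte. */
int role_after(int (*setter)(unsigned char *, const char *), const char *name)
{
    unsigned char rec[REC_LEN] = {0};
    rec[ROLE_OFF] = ROLE_USER;
    setter(rec, name);
    return rec[ROLE_OFF];
}

int main(void)
{
    /* 7 chars: bug present but not triggered. 8 chars: triggered, the role
     * byte is overwritten (SECURITY FAILURE: integrity is lost). */
    printf("buggy, 7 chars: role=%d\n", role_after(set_name_buggy, "abcdefg"));
    printf("buggy, 8 chars: role=%d\n", role_after(set_name_buggy, "abcdefgh"));
    printf("fixed, 8 chars: role=%d\n", role_after(set_name_fixed, "abcdefgh"));
    return 0;
}
```

The buggy version behaves correctly for every name of up to 7 characters, which is why the error can go unnoticed until the triggering input arrives.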
Security is the intersection of:
- availability: can we ensure that services stay available and are not taken down by attackers
- confidentiality: can we keep info secret
- integrity: can we keep data from being modified by attackers
Some applications work but have vulnerabilities:
- insecure configs
- systems have a conflicting security policy
- side channels – e.g. indirect observation of data
- hardware vulnerabilities