1. (DUE October 25, 2005 by midnight EDT) Briefly discuss what you learned from the readings in chapters 17:
   • What was the most surprising thing you learned?
   • What was the most difficult part for you?
2. (DUE October 25, 2005 by midnight EDT) Select one of the following questions to discuss in detail through the threaded discussion.
   • Definition 18-2 defines assurance in terms of "confidence." A vendor advertises that its system was connected to the Internet for three months, and no one was able to break into it. It claims that this means that the system cannot be broken into from any network.
     a) Do you share the vendor's confidence? Why or why not?
     b) If a commercial evaluation service had monitored the testing of this system and confirmed that, despite numerous attempts, no attacker had succeeded in breaking into it, would your confidence in the vendor's claim be increased, decreased, or left unchanged? Justify your answer.
   • A computer security expert contends that most break-ins to computer systems today are attributable to flawed programming or incorrect configuration of systems and products. If this claim is true, do you think design assurance is as important as implementation and operational assurance? Why or why not?
   • Nearly half of all vulnerabilities in software today are a result of buffer overflows. What steps are necessary to assure that software does not contain buffer overflows? How realistic is this?
3. (DUE Oct. 30, 2005 by midnight EDT) Select a discussion from one or more of your classmates and respond to their comments.

Click here to return to Wayne's World's homepage: