Plain and Simple

Some concepts are hard to put into context. Examples and contrasting the concepts to related ones help.

Safe vs Secure

3 min read, Sep 27, 2020

When I hear “safety” in the context of software development, I’m always reminded that I need to automate my backup solution. The potential harm most software developers have to deal with is luckily only data loss due to hardware failures.

Safety is resilience against accidental harm to people, property, or the environment.

Aspects of safety in software development and operations include:

  • Availability: A single server could be cut off from the internet by construction workers, a hard drive could reach its end of life, a fire could break out, an earthquake could hit the region.
  • Scalability: Web services might go down when they are too successful. It’s sometimes called the “hug of death” when a huge website links to a small one. Or just when you have a successful marketing campaign.
  • Integrity: All ways to send data are prone to errors. Packet loss or bit-flips happen. We have error-correcting protocols to deal with that.

Software can also be safety-critical, for example when you think about airbags. A defect there can put lives at risk (example). Other examples of safety-critical software include traffic lights, life-support systems, software managing electrical power grids, industrial software used in machines that produce medicine, pacemakers, and many more.

When we are talking about security in software development, we are thinking about hackers. Wikipedia has a pretty nice explanation:

Security is resilience against harm caused by others.

Aspects of security in software development and operations include:

  • Accountability: You want to have a log of changes. This includes source code. In the version control system git, you can even cryptographically sign the changes so that others cannot tamper with your changes.
  • Availability: An attacker might run a Denial-of-Service (DoS) attack.
  • Confidentiality: Man-in-the-middle (MITM) attacks that apply packet sniffing come to mind. wrote a nice article about this topic.
  • Integrity: Think of a bank account. An attacker wants to increase the balance of one account. Cryptojacking is an example where not the data, but the software itself is affected.
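Integrity appears in both lists above, and the difference is easy to see in code. The following added example (not from the original post; message and key are constructed) contrasts a CRC32 checksum, which catches the accidental bit-flips of the safety list, with an HMAC, which also catches a deliberate edit by someone who does not hold the key:

```python
import hashlib
import hmac
import zlib

# Constructed sample message and key (not from the original post).
MESSAGE = b"transfer 100 EUR from account A to account B"
SECRET_KEY = b"constructed-demo-key"  # known only to sender and receiver


def crc32_tag(payload: bytes) -> int:
    """Safety-style integrity tag: a checksum that anyone can compute."""
    return zlib.crc32(payload) & 0xFFFFFFFF

def hmac_tag(key: bytes, payload: bytes) -> bytes:
    """Security-style integrity tag: requires the shared secret key."""
    return hmac.new(key, payload, hashlib.sha256).digest()

def receiver_accepts_crc(payload: bytes, tag: int) -> bool:
    """Receiver check as used by error-detecting transport protocols."""
    return crc32_tag(payload) == tag

def receiver_accepts_hmac(key: bytes, payload: bytes, tag: bytes) -> bool:
    """Receiver check; constant-time compare avoids leaking the tag via timing."""
    return hmac.compare_digest(hmac_tag(key, payload), tag)

def accidental_bitflip(payload: bytes) -> bytes:
    """Simulate the hardware fault from the post: one bit flips in transit."""
    corrupted = bytearray(payload)
    corrupted[0] ^= 0x01
    return bytes(corrupted)

def deliberate_edit(payload: bytes) -> bytes:
    """Simulate 'harm caused by others': the amount is rewritten on the wire."""
    return payload.replace(b"100", b"900")

def crc_catches_accident() -> bool:
    tag = crc32_tag(MESSAGE)  # sender attaches the CRC
    return not receiver_accepts_crc(accidental_bitflip(MESSAGE), tag)

def crc_catches_tampering() -> bool:
    edited = deliberate_edit(MESSAGE)
    # Anyone can recompute a CRC, so the edited packet looks valid to the receiver.
    return not receiver_accepts_crc(edited, crc32_tag(edited))

def hmac_catches_tampering() -> bool:
    tag = hmac_tag(SECRET_KEY, MESSAGE)  # sender attaches the HMAC
    # Without the key, the best available move is to replay the old tag.
    return not receiver_accepts_hmac(SECRET_KEY, deliberate_edit(MESSAGE), tag)
```

The checksum is a safety measure: it protects against faults, not against an adversary, which is why integrity-as-security needs a keyed tag (or a signature, as with signed Git commits).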

Measures to increase security include:

TL;DR: Differences between Safety and Security

See also


Written by Martin Thoma

I’m a Software Engineer with over 10 years of Python experience (Backend/ML/AI). Support me via https://martinthoma.medium.com/membership
