When we prepare to test a system we usually try to imagine how the system can fail, then we look for ways in which the requirements, design, or code can enable such failures. In the same way when we prepare to specify, design, code, or test a secure system, we try to imagine the vulnerabilities that would prevent us from reaching one or more of our three security goals. It is sometimes easier to consider vulnerabilities as they apply to all three broad categories of system resources, rather than to start with the security goals themselves. Read More