[cap-talk] POLA and decomposition:sum of functionality*authority but how about the dynamics?
Mark Miller
erights at gmail.com
Thu Sep 20 17:04:40 EDT 2007
On 9/20/07, Rob Meijer <capibara at xs4all.nl> wrote:
> 4) : As a quantifier of risk the subsystems poses you can take the
> product of the privileges the sumsystem requires and the
> complexity c[i] of the subsystem implementation.
> r[i] = c[i]*p[i]
Rob, you are still completely losing me with this multiplication. I
have no idea why you are multiplying privilege and complexity. The
only thing I can think of (with Ihab's help) is that you are using
"complexity" as an indicator of your uncertainty that the subsystem
does what you think it does. Are we in the same ballpark? If not, can
you find a different approach for explaining this?
--
Text by me above is hereby placed in the public domain
Cheers,
--MarkM
More information about the cap-talk
mailing list