{{Header}}
{{Title|title=
Perfect Security
}}
{{#seo:
|description=Definition of "perfect security" in computing. Why true perfect security is impossible, supported by expert quotes and research insights.
}}
{{maintainability_mininav}}
{{intro|
Definition of "perfect security" in computing, and why it remains unattainable.

While the idea of achieving perfect security is appealing, it is fundamentally impossible. This page explains why, with supporting evidence from renowned computer security researchers, programmers, and educators. Below is a curated collection of expert perspectives illustrating the technical, economic, and practical limitations of perfect security.
}}

{{quotation
|quote=For a variety of technical reasons, computer security is extraordinarily weak. If a sufficiently skilled, funded, and motivated attacker wants in to your computer, they’re in. If they’re not, it’s because you’re not high enough on their priority list to bother with.
|context=[https://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier]: [https://www.schneier.com/blog/archives/2016/02/security_vs_sur.html Security vs. Surveillance]
}}

{{quotation
|quote=You can't secure what you don't understand.

The worst enemy of security is complexity. This has been true since the beginning of computers, and it’s likely to be true for the foreseeable future.
|context=[https://en.wikipedia.org/wiki/Bruce_Schneier Bruce Schneier]: [https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html A Plea for Simplicity]
}}

{{quotation
|quote=A secure system must defend against all possible attacks—including those unknown to the defender. But defenders, having limited resources, typically develop defenses only for attacks they know about. New kinds of attacks are then likely to succeed. So our growing dependence on networked computing systems puts at risk individuals, commercial enterprises, the public sector, and our military.
|context=[https://en.wikipedia.org/wiki/Fred_B._Schneider Fred B. Schneider], Professor of Computer Science:[https://www.cs.cornell.edu/fbs/publications/SoS.blueprint.pdf Blueprint for a science of cybersecurity]
}}

{{quotation
|quote=So computer and network security in practice starts at the hardware and firmware underneath the endpoints. Their security provides an upper bound for the security of anything built on top.
|context=Security researcher and Qubes founder, Joanna Rutkowska: [https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf Intel x86 considered harmful]
}}

See also [[Open-source_Hardware#Hardware_Trust_in_Modern_Computing|Hardware Trust in Modern Computing]].

{{quotation
|quote=Defensive security is a difficult game, because one doesn't immediately see whether a given solution works or not. This is in stark contrast to other engineering disciplines (and to offensive security) where one usually have immediate feedback on whether something works well or not.
|context=Security researcher and Qubes founder, Joanna Rutkowska: [https://blog.invisiblethings.org/2012/06/27/some-comments-on-operation-high-roller.html Some comments on "Operation High Roller"]
}}

{{quotation
|quote=Well, what’s wrong with perfect defenses? The answer is simple: They cost too much.
|context=2000: [https://en.wikipedia.org/wiki/Butler_Lampson Butler W. Lampson], Microsoft, [https://www.cs.cornell.edu/courses/cs5430/2023fa/NL02.Lampson.pdf Computer Security in the Real World] <ref>
https://www.acsac.org/2000/papers/lampson.pdf
</ref>
}}

{{quotation
|quote=Bugs: Secure systems are complicated, hence imperfect.
|context=2009: Butler Lampson, [https://cacm.acm.org/opinion/usable-security-how-to-get-it/ Usable Security: How to Get It]
}}

{{quotation
|quote=Second, security gets in the way of other things you want.
}}

{{quotation
|quote=Research in cybersecurity may seem reactive, specific, ephemeral, and indeed ineffective. Despite decades of innovation in defense, even the most critical software systems turn out to be vulnerable to attacks. Time and again. Offense and defense forever on repeat. Even provable security, meant to provide an indubitable guarantee of security, does not stop attackers from finding security flaws. As we reflect on our achievements, we are left wondering: Can security be solved once and for all?
|context=Marcel Böhme, Cornell University: [https://arxiv.org/abs/2402.01944 Fundamental Challenges in Cybersecurity and a Philosophy of Vulnerability-Guided Hardening]
}}

{{quotation
|quote=The term “secure operating system” is both considered an ideal and an oxymoron. Systems that provide a high degree of assurance in enforcement have been called secure systems, or even more frequently “trusted” systems 1. However, it is also true that no system of modern complexity is completely secure. The difficulty of preventing errors in programming and the challenges of trying to remove such errors means that no system as complex as an operating system can be completely secure.
|context=Ravi Sandhu, University of Texas, San Antonio: [https://www.cs.columbia.edu/~suman/security_arch/s00126ed1v01y200808spt001.pdf Operating System Security, Synthesis Lectures on Information Security, Privacy and Trust]
}}

{{quotation
|quote=Every security system will eventually fail; there is no such thing as a 100% secure system.
|context=Roman V. Yampolskiy, M. S. Spellchecker, Cornell University: [https://arxiv.org/abs/1610.07997 Artificial Intelligence Safety and Cybersecurity: a Timeline of AI Failures]
}}

{{quotation
|quote='Absolute' security could be achieved only at unlimited cost.
|context=NIST: [https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir5424.pdf A Study of Federal Agency Needs for Information Technology Security]
}}

{{quotation
|quote=Asking how to make system "XYZ" secure against all threats is, at its core, a nonsensical question.

[...]

There is no perfect security in any real system—hardware fails, people make mistakes, and attacks outside our expectations may defeat our protection mechanisms.
|context=[https://en.wikipedia.org/wiki/Gene_Spafford Gene Spafford], Professor of Computer Science: [https://cacm.acm.org/opinion/answering-the-wrong-questions-is-no-answer/ Answering the Wrong Questions Is No Answer]
}}

{{quotation
|quote=The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts.
|context=Gene Spafford ([https://en.wikiquote.org/wiki/Gene_Spafford wikiquote])
}}

{{quotation
|quote=Program testing can be used to show the presence of bugs, but never to show their absence!
|context=[https://en.wikipedia.org/wiki/Edsger_W._Dijkstra Edsger W. Dijkstra]
}}

{{quotation
|quote=One of the few solid theoretical results in the study of computer viruses is Cohen's 1987 demonstration that there is no algorithm that can perfectly detect all possible viruses [1].

[1] Fred Cohen, "Computer Viruses: Theory and Experiments", Computers and Security 6 (1987) 22-35
|context=David M. Chess and Steve R. White IBM Thomas J. Watson Research Center: [https://web.mit.edu/6.857/OldStuff/Fall03/ref/ChessWhite-AnUndetectableComputerVirus.pdf An Undetectable Computer Virus]
}}

{{quotation
|quote=Perfect security is unachievable in any useful system. We trade-off security with other important goals: functionality, usability, efficiency, time-to-market, and simplicity.<br/><br/>
“The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.” –Robert H. Morris (mid 1980’s), former chief scientist of the National Computer Security Center<br/><br/>
It is '''undecidable''' whether a given piece of software contains malicious functionality.
|context=Dr. Bill Young, Department of Computer Science, University of Texas at Austin: [https://www.cs.utexas.edu/~byoung/cyberwarfare-slides.pdf US Army War College Fellowship, Cyber Defense/Offense]
}}

{{quotation
|quote=The defender has to find and eliminate all exploitable vulnerabilities; the attacker only needs to find one!
|context=Dr. Bill Young, Department of Computer Sciences, University of Texas at Austin: [https://www.cs.utexas.edu/~byoung/cs361/lecture2.pdf Foundations of Computer Security, Lecture 2: Why Security is Hard]
}}

{{quotation
|quote=Perfect security is probably impossible in any useful system.
}}

* [https://www.cl.cam.ac.uk/teaching/1011/R01/75-protection.pdf The Protection of Information in Computer Systems]
* Forbes: [https://www.forbes.com/sites/forbestechcouncil/2018/03/27/the-illusion-of-perfect-cybersecurity/ The Illusion Of Perfect Cybersecurity]
* reddit discussion: [https://www.reddit.com/r/cybersecurity/comments/rpqpbf/will_cyber_security_vulnerabilities_ever_stop/ Will cyber security vulnerabilities ever "stop existing"?]
* [[Dev/About_Computer_(In)Security|About Computer (In)Security]]

{{IntroLike|
Perfect security, while conceptually appealing, is unattainable due to the inherent complexity of computing systems, the limits of defensive knowledge, and the evolving nature of attacks. Even highly resourced and well-designed systems remain vulnerable when confronted with unknown exploits, hardware trust issues, or human error. Economic constraints and usability trade-offs further prevent the implementation of flawless defenses.
}}

= Footnotes =
* [https://en.wikipedia.org/wiki/Mikko_Hypp%C3%B6nen Mikko Hyppönen]: [https://thecyberwire.com/podcasts/8th-layer-insights/23/transcript If It's Smart, It's Vulnerable: a Conversation with Mikko Hyppönen]

<references />
{{Footer}}
[[Category:Documentation]]
[[Category:Design]]