Fail Open or Fail Closed?
When something breaks, does it leave a door open or closed?
I’m reading Secure Coding: Principles and Practices from O’Reilly and I stumbled on something worth thinking about: should your software fail open or fail closed?
Say you’re building a corporate firewall. What happens when it encounters a fatal error and can’t figure out what’s a good packet and what’s a bad packet? Should it shut down and leave the machine open (fail open), or should it just stop evaluating and reject every packet (fail closed)? Arguments could be made for both options.
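The firewall case, worked through in code as an added illustration (not from the book or the original post): a toy packet filter whose classifier can hit a fatal error, with the fail-open and fail-closed choices made explicit at the one place they matter. The rule set, packet format and failure log are constructed for the example.

```python
import ipaddress
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"


class FailurePolicy(Enum):
    FAIL_OPEN = "fail_open"      # keep traffic flowing when the filter itself breaks
    FAIL_CLOSED = "fail_closed"  # stop all traffic when the filter itself breaks


# Constructed rule set: (source network, destination port, verdict); first match wins.
RULES = [
    (ipaddress.ip_network("10.0.0.0/8"), 22, Verdict.ALLOW),
    (ipaddress.ip_network("0.0.0.0/0"), 443, Verdict.ALLOW),
]

# Every filter failure is recorded here so that, whichever policy is chosen,
# the breakage is visible to whoever watches the logs rather than silent.
FAILURES = []


def evaluate(packet: dict) -> Verdict:
    """Classify one well-formed packet. Raises on malformed input: this is the
    'fatal error' case where the filter can no longer tell good from bad."""
    src = ipaddress.ip_address(packet["src"])   # ValueError on garbage, KeyError if absent
    port = int(packet["dport"])
    for net, rule_port, verdict in RULES:
        if src in net and port == rule_port:
            return verdict
    return Verdict.DENY  # default deny for packets that match no rule


def filter_packet(packet: dict, policy: FailurePolicy) -> Verdict:
    """Apply the rules; when evaluation itself fails, let the policy decide."""
    try:
        return evaluate(packet)
    except (KeyError, ValueError) as err:
        FAILURES.append((packet, repr(err)))
        if policy is FailurePolicy.FAIL_OPEN:
            return Verdict.ALLOW   # availability wins: unknown packet passes
        return Verdict.DENY        # security wins: unknown packet is dropped


if __name__ == "__main__":
    bad = {"src": "not-an-ip", "dport": "22"}
    print(filter_packet(bad, FailurePolicy.FAIL_OPEN), filter_packet(bad, FailurePolicy.FAIL_CLOSED))
```

Note that the default-deny on the last line of `evaluate` is a different decision from the failure policy: it covers well-formed packets the rules do not mention, while the policy covers packets the filter could not evaluate at all.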
What if you’re building a system to regulate the flow of oxygen to a deep-sea submersible? Say the software encounters an error and has to shut down. Without regulation from the software, should the valve stay open or closed?
Think about magnetically controlled doors. Does the magnet hold the bar in the locked position against the tension device trying to unlock it? Or does the magnet hold the bar in the unlocked position, against the tension device trying to lock it? The answer is the difference between whether the door is locked or unlocked on a power failure (assuming the magnet needed power to have force). One answer is good for complete security (lock on power failure), but then what happens to the fire escapes?
Interesting concept – one of those things that hangs around in the back of your mind and never really gets a light shined on it. Good book, too.