dannycastonguay/SUBSAFE vs CYBERSAFE.md

## SUBSAFE vs CYBERSAFE.md

      
    Raw
  

              SUBSAFE vs CYBERSAFE.md
            
          
Element
SUBSAFE
CYBERSAFE


Purpose
Watertight integrity, recoverability, and safety (weapon, fire, and nuclear)
Data integrity, privacy and security (tamper-free ability to recover from disruptions or misdirections).


Design requirements
Clean, concise and non-negotiable requirements
Same with the addition of Privilege Separation both at software and at process level, as well as the Principle of Least Priviledge at the individual level.


Audit
Multiple structured audits that hold personnel accountable at all levels for safety
Same.


Training
Annual mandatory training for everyone with a strong emphasis on emotional lessons from past failures
Same.


Material and fabrication
Controls and documentation in place to ensure correct material: receipt, inspection, storage, handling, installation.
Use of version control (e.g., git) not just for writing code but also for every piece of documentation and should be trackable and linked; application of robust and well-documented libraries within the stack and code reviews.


Testing
Involves a formal checklist to collect specific documentation and information, successful sea trials, and a secondary review before unrestricted operations
On top of penetration testing and security patches, application of DevOps and test-driven dev’t to every activity within the organization rendering tasks effortless and automated.
Element	SUBSAFE	CYBERSAFE
Purpose	Watertight integrity, recoverability, and safety (weapon, fire, and nuclear)	Data integrity, privacy and security (tamper-free ability to recover from disruptions or misdirections).
Design requirements	Clean, concise and non-negotiable requirements	Same with the addition of Privilege Separation both at software and at process level, as well as the Principle of Least Priviledge at the individual level.
Audit	Multiple structured audits that hold personnel accountable at all levels for safety	Same.
Training	Annual mandatory training for everyone with a strong emphasis on emotional lessons from past failures	Same.
Material and fabrication	Controls and documentation in place to ensure correct material: receipt, inspection, storage, handling, installation.	Use of version control (e.g., git) not just for writing code but also for every piece of documentation and should be trackable and linked; application of robust and well-documented libraries within the stack and code reviews.
Testing	Involves a formal checklist to collect specific documentation and information, successful sea trials, and a secondary review before unrestricted operations	On top of penetration testing and security patches, application of DevOps and test-driven dev’t to every activity within the organization rendering tasks effortless and automated.