Comment by Beldin
4 years ago
Aside: The distinction between safety and security I know:
- safety is "the system cannot harm the environment"
- security is the inverse: "the environment cannot harm the system"
To me, your distinction has to do with the particular attacker model - both sides are security (under these definitions).
That's an interesting distinction, but I think GP meant something else - and I'm willing to agree with their view:
- Safety is a PvE game[0] - your system gets "attacked" by non-sentient factors, like weather, animals, or people having an accident. The strength of an attack can be estimated as a distribution, and that estimate remains fixed (or at least changes predictably) over time. Floods don't get monotonically stronger over the years[1], animals don't grow razor-sharp titanium teeth, accidents don't become more peculiar over time.
- Security is a PvP game - your system is being attacked by other sentient beings, capable of both carefully planning and making decisions on the fly. The strength of the attack is unbounded, and roughly proportional to how much the attacker could gain from breaching your system. The set of attackers, the revenue[2] from an attack, the cost of performing it - all change over time, and you don't control it.
These two types of threats call for a completely different approach.
Most physical engineering systems are predominantly concerned with safety - with PvE scenarios. Most software systems connected to the Internet are primarily concerned with security - PvP. A PvE scenario in software engineering is ensuring your intern can't accidentally delete the production database, or that you don't get state-changing API requests indexed by web crawlers, or that an operator clicking the mouse wrong won't irradiate their patient.
--
[0] - PvE = "Player vs Environment"; PvP = "Player vs Player".
[1] - Climate change notwithstanding; see: estimate changing predictably.
[2] - Broadly understood. It may not be about the money, but it can still be easily approximated in dollars.
I wonder how this distinction plays out in languages that use the same word for safety and security, e.g. German and Portuguese.
You would use "protection" (Schutz) to make this distinction. Also, German verbs can have many suffixes, which often help with the direction of an action and thereby change the meaning (e.g. sichern, absichern, besichern, versichern).
suffixes -> prefixes