Wednesday, November 4, 2009

Computer Security Maxims

I regularly download and listen to a computer security podcast called Security Now with Leo Laporte and Steve Gibson. The podcast is available on the Security Now website in a variety of formats, including transcripts. Recently (episode 215), they discussed humorous Security Maxims courtesy of Roger Johnston. Thought you might be interested in reading or listening. Here are a few to chew on:

Infinity Maxim: There are an unlimited number of security vulnerabilities for a given security device, system, or program, most of which will never be discovered (by the good guys or bad guys).
Comment: We think this, because we always find new vulnerabilities when we look at the same security device, system, or program a second or third time, and because we always find vulnerabilities that others miss, and vice versa.

Thanks for Nothin’ Maxim: A vulnerability assessment that finds no vulnerabilities or only a few is worthless and wrong.

Arrogance Maxim: The ease of defeating a security device or system is proportional to how confident/arrogant the designer, manufacturer, or user is about it, and to how often they use words like “impossible” or “tamper-proof”.

Be Afraid, Be Very Afraid Maxim: If you’re not running scared, you have bad security or a bad security product.
Comment: Fear is a good vaccine against both arrogance and ignorance.
