At 11:01 26/07/99 +0200, Jacob Palme wrote: >The document, like many other security documents, tells too much >about what will not work, too little on what will work. It seems as >if security experts are better at telling you that something is >dangerous or might not be secure, than telling you how to get >security. I would prefer to get more practical advice with >recommendations on how to get the security you want. I think this is a fair comment, that may also reflect the very nature of security. I am reminded of a little game that is very prevalent on a certain desktop operating system: Minesweeper. (The goal is to uncover a number of hidden mines by stomping on all the squares that do NOT contain mines: to stomp on a mine is sudden death.) Making systems secure seems a similar kind of activity: experts can tell us where mines are known to exist, but it is both imperative and very difficult to deduce where mines certainly do not exist. #gReceived on Monday, 26 July 1999 09:34:26 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:08:06 UTC