This is a divergence off topic a bit, but what the heck... it's the
Internet after all. I think it might be instructional for people to
understand that my statement "No usable security is 100%" is not just an
opinion. I do not know any security professional who would not agree with
the statement. This is the whole point behind documenting known residual
vulnerabilities, and using more than one mechanism to secure your
whatever-it-is-you-are-securing.
The point of a security mechanism is to offer a certain level of usability
while offering a certain level of security with a certain level of
assurance. If we really expect -- which is how I read your word "hope"
since we can hope all we want... -- it to be 100% we will always be
disappointed. This is not cynicism or fatalism. It is reality, and the
nature of things because we are linking "usability" and "security" and
these two are usually opposed (in need, not in intent). All usable
security solutions are less than 100%, but not just because we haven't
worked hard enough, or spent enough money, or been clever enough. They are
that way because they cannot be any other way.
Fred
Avolio Consulting
16228 Frederick Road, PO Box 609, Lisbon, MD 21765
410-309-6910 (voice) 410-309-6911 (fax)
http://www.avolio.com
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
