[SNIP]
>
> What Thomas also overlooks is the fact that security is not an add-on,
> it is a goal which is reached by concept.
>
Actually, security is in fact an 'add-on' a 'shim', which makes all in the
info-sec realm akin to remodelers. Had TCP/IP a prime focus upon
security this might be a different matter as you suggest, but, such is/was
not the case. And since most programs and the processes that brought them
into being by their creators do not put security at the forefront of the
design/programming process, applications tend to mimick the TCP/IP model.
So, we remodel, shim and retrofit <smile>.
The carpentry of IT...
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
