On Sun, Jul 09, 2006 at 09:17:09PM -0500, Tony Abernethy wrote: > Peter Philipp wrote: > > [snip] > > > > But little change by little change will isolate > > insecurities until a system is secure, right? (didn't somene coin the > > phrase "security is a process"?) > > Little change by little change will isolate little insecurities. > Little change by little change will enlarge big insecurities. > Maybe not by much, but Rube Golberg contraptions will NOT be secure. > > "Security is a process" > Slogan for snake-oil?
Yes, securing little things will not make the *system* secure. Little things that should to be fixed may make a system insecure, however. "Security is a process" is a decent slogan, as slogans go. The ideas behind it mean that you can't buy the latest whizbang firewall and suddenly have "security." You need a process to evaluate where you are vulnerable and how much, what measures are in place and where they protect you, etc. I think this slogan was misquoted, but "security is a process" is a useful way to think. -- Darrin Chandler | Phoenix BSD Users Group [EMAIL PROTECTED] | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ |
