I figured this was relevant here, so here's a link to my August column for
Computerworld.
Excerpt:
'What's that you say? All the app vetting you've been doing to date consists
only of verifying that the apps play by the rules? That is, that they use only
published APIs and such? Well, then,
Hi Ken,
You raise some important points. Most infosec is approached as a set of
controls, but access control only takes you so far in the face of malice.
I like this quote from G.K. Chesterton:
The real trouble with this world of ours is not that it is an unreasonable
world, nor even that it