Computer security is hard. Software, computer and network security are all ongoing battles between attacker and defender. And in many cases the attacker has an inherent advantage: He only has to find one network flaw, while the defender has to find and fix every flaw.
On Saturday, May 10, 2008 Sami Koivu wrote:
Security is hard.I can't remember having read Bruce's essay. But the wording is uncomfortably similar. Given the dates, my writing seems like cheap rip-off, of Bruce's. My bad. It's possible I've read something by someone else that was inspired by what Bruce had written. Or it could be coincidence. In any case: imitation, flattery, and so on...
When you're trying to build something secure, you have to consider everything.
When you're breaking the security, you just have to think of one thing that the other guy didn't think of. Not to mention the person creating security is normally vastly outnumbered.