Computer security is hard. Software, computer and network security are all ongoing battles between attacker and defender. And in many cases the attacker has an inherent advantage: He only has to find one network flaw, while the defender has to find and fix every flaw.
On Saturday, May 10, 2008 Sami Koivu wrote:
Security is hard. I can't remember having read Bruce's essay. But the wording is uncomfortably similar. Given the dates, my writing seems like a cheap rip-off of Bruce's. My bad. It's possible I've read something by someone else that was inspired by what Bruce had written. Or it could be coincidence. In any case: imitation, flattery, and so on...
When you're trying to build something secure, you have to consider everything.
When you're breaking the security, you just have to think of one thing that the other guy didn't think of. Not to mention the person creating security is normally vastly outnumbered.
2 comments:
Mr Schneier's own wording isn't too different from that of the IRA following the Brighton bomb in 1984 "Today we were unlucky, but remember we only have to be lucky once. You will have to be lucky always." http://en.wikipedia.org/wiki/Brighton_hotel_bombing
Not sure if that should make you feel any better.
Thanks! I'm not sure, either, but it's definitely interesting. I guess the concept applies to a lot of things of this nature.