jrtom ([personal profile] jrtom) wrote 2005-09-12 11:41 am
"The Six Dumbest Ideas in Computer Security"

http://www.ranum.com/security/computer_security/editorials/dumb/

A bit facile--#3, for instance, suggests that if we would just design our software right in the first place, we wouldn't have any security problems--but thought-provoking. It also includes this gem:

On the surface of things, the idea of "Educating Users" seems less than dumb: education is always good. On the other hand . . . if it was going to work, it would have worked by now.

[identity profile] red-frog.livejournal.com 2005-09-12 10:14 pm (UTC)
I am firmly against relying on educating users. A user isn't going to know (and shouldn't have to know; that's not Dad's job when he's accessing a medical DB to save someone's life in a way I can't even imagine) what risk may be involved with running an app. Don't lock out the admins, but don't rely on educating end users. Their job is to use the stuff, not secure it.