[personal profile] jrtom
http://www.ranum.com/security/computer_security/editorials/dumb/

A bit facile--#3, for instance, suggests that if we would just design our software right in the first place, we wouldn't have any security problems--but thought-provoking. Also, it includes this gem:

On the surface of things, the idea of "Educating Users" seems less than dumb: education is always good. On the other hand . . . if it was going to work, it would have worked by now.

(no subject)

Date: 12 September 2005 22:14 (UTC)
From: [identity profile] red-frog.livejournal.com
I am firmly against relying on educating users. A user isn't going to know (and shouldn't have to know; that's not Dad's job when he's accessing a medical DB to save someone's life in a way I can't even imagine) what risk may be involved with running an app. Don't lock out the admins, but don't rely on educating end users. Their job is to use the stuff, not secure it.
