On 30/10/2009 05:58, Brandon Sterne wrote:
Please feel free to add any additional criteria that seem appropriate.
x. Think like an attacker. How easy is the model to bypass (most likely) or breach (rare, mostly academic)?
x. Think like an architect. Does this lead us forward towards a better sustainable defence? Is this the first step to fixing the real problems? Does it make more obvious what underlying API changes are needed? Or is it a stop gap measure that will be breached eventually? Does it paper-over the underlying bugs? Is this encouraging a better asymmetry in defence (good) or encouraging the attack-defence cycle (bad)?
x. Think like an economist. How costly is it to attack overall? Does this cost imposed on the attacker raise a barrier high enough to make a difference? (Locks & neighbours strategy.) How costly is it for a company to implement this? Does the cost / barrier justify the corporate expenses or is the company better off spending the money elsewhere?
x. Think like a manager. How easy is the model to communicate? How easy are the words & concepts? Does it deal with or hide the complexity? PR: Does it fit well with a meme/hype campaign?
x. Think like a developer. How much fun is it to implement? How difficult are the concepts & words? Does it surface and envelope with its complexity? Does it get me jobs, beers, relationships?
x. Think like a pragmatist. Maybe we don't know, and maybe we won't until we try it, no matter how many questions we ask. Stop waffling, more list posts don't get more lines of code written, get back to work.
Some of these are slightly tongue in cheek :)

iang
