On Sun, 4 Aug 2024 09:45:06 -0700 Kent Borg <kentb...@borg.org> wrote:
Security is not a state. It's an iterative process.

I originally wrote a lot of tearing down of straw-man assertions like firewalls failing open (they don't: they fail closed so there is no access in or out and therefore there is no damage). But instead I deleted almost all of that to focus on this:

> I like a quote I recently ran across from Peter Gutmann:
>
> Rule #1: Complexity of the enemy of security.

Two errors here.

First, the original quote is, "[t]he worst enemy of security is complexity." This is an admonition to design systems to be no more complex than is required of them. Which is a good general design philosophy. A corollary is that just because *you* don't understand it doesn't mean that the people who do understand it are unable to keep it secure. "Most people" don't need to know the difference between a Layer 3 firewall and a Layer 7 firewall any more than they need to know how heat catalyzes chemical reactions in batter to make fluffy pancakes.

Second, it was Bruce Schneier who wrote this.

https://www.schneier.com/essays/archives/1999/11/a_plea_for_simplicit.html

--
\m/ (--) \m/
_______________________________________________
Discuss mailing list
Discuss@driftwood.blu.org
https://driftwood.blu.org/mailman/listinfo/discuss