What can nature tell us about how best to manage our risks? http://geer.tinho.net/acm.geer.0704.pdf
Security people are never in charge unless an acute embarrassment has occurred. Otherwise, their advice is tempered by "economic reality," which is to say that security is a means, not an end. This is as it should be. Since means are about tradeoffs, security is about trade-offs, but you knew all that.

.......

- Security is a set of trade-offs.
- The existence of tradeoffs is why security = risk management.
- In the real world, tradeoffs are measured in cost.
- Cleanup and prevention are both necessary but neither is sufficient.

.......

Readers of Queue hardly need to be reminded that mono-culture risk is real, that diversity can make coherent systems management challenging, or that risk management has to include tradeoffs around monoculture risk. There's nothing unique about digital security in that sense: farmers rotate their crops to do their kind of risk management. Big manufacturers second-source every critical part to do their kind. Simulation studies done at George Mason University demonstrated that when about 40 percent of computers are alike, the risk of general collapse takes a leap upward. What a surprise! (Not.)

.......

Read the entire article at: http://geer.tinho.net/acm.geer.0704.pdf
