Friday, September 09, 2005

The Six Dumbest Ideas in Computer Security

Here's an excellent article by Marcus Ranum about a number of seemingly logical mistakes we make when thinking about strategies for improving the security of our systems. I'll just whet your appetite with the high-level list. Here are Ranum's six dumbest ideas.
  1. Default Permit
  2. Enumerating Badness
  3. Penetrate and Patch
  4. Hacking Is Cool
  5. Educating Users
  6. Action Is Better Than Inaction

