Linked by Andrew Youll on Sat 17th Sep 2005 11:22 UTC, submitted by JonasDue
Privacy, Security, Encryption "There's lots of innovation going on in security - we're inundated with a steady stream of new stuff and it all sounds like it works just great. Every couple of months I'm invited to a new computer security conference, or I'm asked to write a foreword for a new computer security book. And, thanks to the fact that it's a topic of public concern and a "safe issue" for politicians, we can expect a flood of computer security-related legislation from lawmakers. So: computer security is definitely still a "hot topic." But why are we spending all this time and money and still having problems?"
Permalink for comment 32841
To read all comments associated with this story, please click here.
RE[4]: Computer Insecurity
by protagonist on Sun 18th Sep 2005 02:07 UTC in reply to "RE[3]: Computer Insecurity"
protagonist
Member since:
2005-07-06

>> If the end user has to RTFM then the programmer has not
>> done his job.

> For simple software, sure.

> For more complex software, that's not practical or even possible in
> many cases since the software may have to eventually interact with
> devices or OS configurations that haven't been invented yet.

The complexity of the software has nothing to do with it. You should be able to use the basic functions of your software without having to read a manual. That is what the concept of an intuitive interface is all about. The way most manuals are written these days the average user doesn't understand it anyway. And I am not saying the user is stupid, just that the manual is usually as poorly written as the code is.

The point of the article as I perceive it is that we are in the security mess we are in because much of the software has security coded as an afterthought. I agree with his assessment that we are going about security the wrong way. In a business setting very few people need to be able to install software. Lock down the applications you need and forbid anything else. That concept as well as the rest he puts forward make sense and could go a long ways towards securing most networks.

Reply Parent Score: 1