Security State of the Union
Posted by Aaron Massey on 03 Mar 2011.
Since I’ve been absent for a while, I thought this “Security State of the Union” interveiw with Dr. Spafford would be an excellent link to get back into posting on a more regular basis. Here’s one of my favorite parts:
Part of the difficulty is providing everybody with such a broad range of powerful capabilities, more than most people need, and so there are so many different avenues for them to damage themselves. If only half the population — I’m guessing, pick a number — needs only enough power to read e-mail and surf the ‘Net, then giving them the capability to have huge file systems, with the ability to modify the operating system, is totally unnecessary and also provides a huge avenue for persistent threats for spam and botnets. Today’s computers are overly complex, overly capable systems that are difficult to administer, difficult to recover and protect. Right now, you buy an OS with 100 million lines of code. That’s what’s killing us; it’s the complexity. Everybody’s being given a 200-bladed Swiss Army knife when they only need to use three, so it’s no surprise they cut themselves.
Spaf makes such apt analogies. Read the whole thing.