Follow

-- Ridiculous excuses I've heard (about securing systems) 1/2

- No one will do that.
- Why would anyone do that?
- We've never been attacked.
- We're secure - we use cryptography.
- We're secure - we use ACLs.
- We've reviewed the code, and there are no security bugs.

by Michael Howard and David LeBlanc (c. 2001-2003)

-- Ridiculous excuses I've heard (about securing systems) 2/2

- We know it's the default, but the administrator can turn it off.
- If we don't run as administrator, stuff breaks.
- But we'll slip the schedule
- It's not exploitable
- But that's the way we've always done it
- If only we had better tools

by Michael Howard and David LeBlanc (c. 2001-2003)

-- Ridiculous excuses I've heard (about securing systems) 3/2

Writing Secure Code is magnificent book (highly recommended) written by Michael Howard and David circa 2001/2003.

It's almost 2020 and I still hearing all of them on a frequently basis.

amazon.com/Writing-Secure-Seco

Sign in to participate in the conversation
Ruby.social

A Mastodon instance for Rubyists & friends