Tuesday, June 2, 2009

Security Maxims

Roger Johnston over at Argonne Labs put together a list of 'Security Maxims' -- random truths about security that he and his team learned in doing vulnerability assessments for physical/nuclear systems.

Some of my favorites:
Rohrbach’s Maxim: No security device, system, or program will ever be used properly (the way it was designed) all the time.

Rohrbach Was An Optimist Maxim: No security device, system, or program will ever be used properly.

Irresponsibility Maxim: It’ll often be considered “irresponsible” to point out security vulnerabilities (including the theoretical possibility that they might exist), but you’ll rarely be called irresponsible for ignoring or covering them up.

Troublemaker Maxim: The probability that a security professional has been marginalized by his or her organization is proportional to his/her skill, creativity, knowledge, competence, and eagerness to provide effective security.

A Priest, a Minister, and a Rabbi Maxim: People lacking imagination, skepticism, and a sense of humor should not work in the security field.

I Hate You Maxim 2: The more a given technology causes hassles or annoys security personnel, the less effective it will be.

The entire list is fairly long, but mostly entertaining (at least for a security geek!): http://www.ne.anl.gov/capabilities/vat/seals/maxims.html
