Tuesday, June 30, 2015

Security is a process, not a product. - 05/2000 article by Bruce Schneier



The article is 14 years old, but it still makes sense. Why?
Because the answer is in the title of this blog.



From the article:

Products provide some protection, but the only way to effectively do business in an insecure world is to put processes in place that recognize the inherent insecurity in the products. The trick is to reduce your risk of exposure regardless of the products or patches.

Most products that use security are not designed by anyone with security expertise. Even security products are generally designed and implemented by people who have only limited security expertise. 

Software manufacturers don't have to produce a quality product because there is no liability if they don't. And the effect of this for security products is that manufacturers don't have to produce products that are actually secure, because no one can sue them if they make a bunch of false claims of security.

Security does not have to be perfect, but the risks have to be manageable.



Here are two examples of how to focus on process in enterprise network security:

  1. Watch for known vulnerabilities.
  2. Continuously monitor your network products.



For more information:
https://www.schneier.com/crypto-gram/archives/2000/0515.html#1
