Hard to admit that he's right, isn't it?

Why is it so difficult to accept that a significant contributor to security over the last 20 years (did you see the bit about SEAL? Know anything about NFR?) is right about what the problem is? The central point he continues to make is that the application space sucks security-wise because of tradeoffs, vendors have a vested interest in killing interoperability, and that everyone (and I mean EVERYONE) bears some part of the blame for security problems. From the user that installs infected software to the hacker that creates it, and all points in between.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/334/32057#32057