, 2001-12-12
The commitment by the federal government to further computer security research may be laudable, but it fails to address the root cause of most security issues: bad software.
Expand all |
Post comment
White House CyberSecurity - Jobs, Research, and Rhetoric, but Few Results
2001-12-12
Anonymous (2 replies)
Anonymous (2 replies)
National Security Agency's Security-Enhanced Linux should be the foundation
2001-12-13
seeing the forest thru the trees (1 replies)
seeing the forest thru the trees (1 replies)
Computer Security Facts:
Read: Ain't no network strong enough
Master cryptographer Bruce Schneier's "Secrets and
Lies" explains why computer security is an oxymoron.
http://www.salon.com/tech/review/2000/08/31/schneier/
a review of Schneier’s book by Brendan I. Koerner
Educated User Fact:
We have trained/educated users/employees until we have been blue in the face... and they still don't practice safe hex.
True, SELinux will do knothing to cure this itch that users just can't help but to scratch? There is not much that will! This is a weak link. Is there a way to authenticate users where we take the users brain out of the process?
Hmmm, Are computer security problems fixable?
Maybe.
There are some of us who see the glass as half full and think that it is fixable (or improvable) but, the course of action needed does not have one thing to do with current or past "views" on how to get it done.
SELinux is on the right path with the goal they have... the only problem with that idea is that they, and we, are looking at the problem from a "local" 2D view. Instead, this view should be global, 3+D and involve a not-for-profit Linux-like GPL!
Hint:
Think global, not local!
Real Transaction Security does not have to be just a dream.
It could happen... but, it has to happen from the ground up, not from the top down!
The NSA is saying it right! SELinux is a project model, a place to start, and not a product.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/columns/46/9316#9316