Blog Home  Home RSS 2.0 Atom 1.0 CDF  
IdentityCrisis - There is no amount of technology
Code is a commodity. Platform awareness ... Priceless
 
Archive
<September 2010>
SunMonTueWedThuFriSat
2930311234
567891011
12131415161718
19202122232425
262728293012
3456789
Navigation
Home
Categories
 SQL
Blogroll
 .NET Security Blog
 Aaron Margosis' "Non-Admin" WebLog
 Accentient Blog
 Andrew Stopford's Weblog
 Ask the Performance Team
 BloodhoundBlog
 Bob Beauchemin's Blog
 Brian Button - One Agile Coder
 Christian Weyer: Smells like service spirit
 Connected Systems — Stuart Celarier
 CraigBlog
 dasBlonde
 David LeBlanc's Web Log
 David Wang
 Dino Esposito's WebLog
 Dirteam.com/ActiveDir.org Blogs
 Don Box's Spoutlet
 Eric.Weblog()
 Erik Porter's Blog
 Geek Noise
 Howard van Rooijen's Blog
 IanG on Tap
 IDesign Inc Downloads Headlines
 Interoperability Happens
 jasonmauer.com
 JetBrains .NET Tools Blog
 Joe Kaplan
 John Lam on Software
 JohnArmitage.net
 Kim Cameron's Identity Weblog
 Kimberly L. Tripp: Improving *my* SQL skills through your questions!
 Laptoping.com
 Larkware News
 Marquee de Sells: Chris's insight outlet
 Martin Fowler's Bliki
 Michael Howard's Web Log
 Mickey Gousset
 Mike's Corner - Web 2.0 For Real Estate Pros
 Onion Blog
 Option Strict : Cory Isakson
 Patrick Cauldwell's Blog
 Portland Oregon Real Estate Blog
 Rob Caron
 Robert Hurlbut's .NET Blog
 Sam Gentile
 Sara Williams' blog
 Schneier on Security
 Scott Hanselman's Computer Zen
 ScottGu's Blog
 Security Briefs
 Service Station, by Aaron Skonnard
 ShawnVN's Blog
 SourceForge.net: Inactive feed (group: 1089)
 SQL Protocols
 The Catherine Austin Fitts Blog
 The Security Development Lifecycle
 www.leastprivilege.com
Contact
Send mail to the author(s) Email Me

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in anyway.

Sign In
 Wednesday, July 13, 2005
There is no amount of technology

I like the part about "hard work that very few people have the courage and patience to undertake".  I have worked with a lot of bright people.  Most if not all avoid playing out the full implementation of a secure deployment.  Do they lack courage or patience?  Why?  I still don't know many developers that know much about their platform.  My context is Windows.  I always feel like I have more to learn about platform but I have yet to work with a dev that gets it more than I do.  Am I alone? 

Quotes from Interview with Marcus Ranum

It's not a technology problem, it's a management problem. There are plenty of tools that can be used to control inter-host trust, but they are generally not used because they're "too hard" or "inconvenient" or whatever.

In order to build really secure systems you need to understand the trust relationships between your systems and then build your systems to enhance and support your mission based on those trust relationships. But that's hard work that very few people have the courage and patience to undertake. So instead, they want to just throw technology at the problem - which won't work - because there is no amount of technology that can effectively build your trust relationships for you if you don't understand them yourself. d

7/13/2005 8:25:23 AM (GMT Standard Time, UTC+00:00)  #       | 
Copyright © 2010 Joseph E Shook. All rights reserved.
DasBlog 'Portal' theme by Johnny Hughes.
Pick a theme: