[LINK] Perspective on security! [was: Security efforts hindered by untrained users]

Craig Sanders cas at taz.net.au
Thu Jan 31 18:58:07 AEDT 2008


On Thu, Jan 31, 2008 at 06:29:19PM +1100, rchirgwin at ozemail.com.au wrote:
> Even if we regard some "core skills" with computers as being
> unavoidable, no two experts will agree on the necessary core skills
> (as they relate to the ordinary user), and the list keeps getting
> extended by new complexities in the next round of releases.

imo, there are only 2 core skills:

1. the ability to learn whatever you need to learn
2. the ability to recognise whatever it is that you need to learn.

this applies to computing as it does to every other field of knowledge
or endeavour.

> I'll toss in an inflammatory statement of my own: saying "user
> education is the answer to security" is a cop-out that lets software
> writers, from the operating system upwards, shirk their responsibility
> by making fun of people who aren't "in the club".

user education isn't and won't ever be the entire answer or even a huge
part of it. you can lead a user to knowledge but you can't force them to
understand.

user willingness to learn is part of the answer.

good software is most of the answer. and no, that doesn't mean just
simplifying complex stuff down to the point that even an idiot could use
because that would result in security that only an idiot would be happy
with.

complexity is unavoidable in complex things. that should be regarded
as an obvious tautology but for some bizarre reason it's regarded as
unreasonable heresy when it comes to computers.


craig

-- 
craig sanders <cas at taz.net.au>

BOFH excuse #36:

dynamic software linking table corrupted


