Security Maxims
Great Security Maxims applicable to Cyber Security by Roger G. Johnston, Ph.D., CPP, Vulnerability Assessment Team (VAT), Nuclear Engineering Division, Argonne National Laboratory.
Infinity Maxim: There are an unlimited number of security vulnerabilities for a given security device, system, or program, most of which will never be discovered (by the good guys or bad guys). Comment: We think this, because we always find new vulnerabilities when we look at the same security device, system, or program a second or third time, and because we always find vulnerabilities that others miss, and vice versa. Thanks for Nothin’ Maxim: A vulnerability assessment that finds no vulnerabilities or only a few is worthless and wrong. Arrogance Maxim: The ease of defeating a security device or system is proportional to how confident/arrogant the designer, manufacturer, or user is about it, and to how often they use words like “impossible” or “tamper-proof”. Be Afraid, Be Very Afraid Maxim: If you’re not running scared, you have bad security or a bad security product.Comment: Fear is a good vaccine against both arrogance and ignorance.
via www.ne.anl.gov