Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: The Death of Defence in Depth ? - Aninvitation to Hack.lu

From: imipak <imipak () gmail com>
Date: Wed, 10 Oct 2007 19:29:00 +0100
Hi Thierry,

wandering off-topic, but this is FD, where There Is No Topic...:



What currently is being done in the industry is to ADD more layers of
defence to protect against one failing, this is being done by adding
one parsing engine after the other. Again nobody said Defence in Depth
is wrong in itself, it's just the way the Software Industry has led
companies to implement it. _This_ is the point.




The problem - well, *a* problem, anyway -  is that there are two
contradictory axioms in infosec that are regularly cited to support or
attack a particular strategy.

"Defence in depth"

   vs.

"A chain is only as strong as it's weakest link".

Expressing these in terms of formal logic and resolving the conflict
is left as an exercise for the reader. (I don't know how to do it...)


/i

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: