Monday, March 20, 2006

Security: Too much of a good thing

Here is a great article on the complexity of security:

Every so often someone sits down and says to himself, "Security isn’t complicated enough. What would be really good would be if no one understood how to do it properly."

One thing the Windows kernel does really well is security. Every single object has an associated access control list, which allows fine-grained access control to pretty much anything. The average user’s response to this is to decide it’s too complicated to understand, and that the simplest thing to do is set everything to full access.

