Seriously, we can’t help it.

From here:

Security requires a particular mindset. Security professionals — at least the good ones — see the world differently. They can’t walk into a store without noticing how they might shoplift. They can’t use a computer without wondering about the security vulnerabilities. They can’t vote without trying to figure out how to vote twice. They just can’t help it.

Really, we can’t help it.

This kind of thinking is not natural for most people. It’s not natural for engineers. Good engineering involves thinking about how things can be made to work; the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal. You don’t have to exploit the vulnerabilities you find, but if you don’t see the world that way, you’ll never notice most security problems.

This is so true. So unbelievably true. And a key reason so many users just don’t get the reasons behind some of the practices IT follows. Especially when you work for an engineering company.

Engineers just don’t get it. They can’t get it. It is not in their vocabulary.
