| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Oct 2007 19:29:00 +0100 From: imipak <imipak@...il.com> To: "Thierry Zoller" <Thierry@...ler.lu>, "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk> Subject: Re: The Death of Defence in Depth ? - Aninvitation to Hack.lu Hi Thierry, wandering off-topic, but this is FD, where There Is No Topic...: > What currently is being done in the industry is to ADD more layers of > defence to protect against one failing, this is being done by adding > one parsing engine after the other. Again nobody said Defence in Depth > is wrong in itself, it's just the way the Software Industry has led > companies to implement it. _This_ is the point. > The problem - well, *a* problem, anyway - is that there are two contradictory axioms in infosec that are regularly cited to support or attack a particular strategy. "Defence in depth" vs. "A chain is only as strong as it's weakest link". Expressing these in terms of formal logic and resolving the conflict is left as an exercise for the reader. (I don't know how to do it...) /i _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists