-
Read more...
“Briefly and simply, assurance work makes a user or a creditor more confident that the system works as intended without flaws, without surprises, even in the presence of malice.” … “The major shortfall is absence of assurance or safety mechanisms in software. If my car crashed as often as my computer does, I’d be dead by now.”
Brian Snow, Former Technical Director of the US National Security Agency (NSA), "We need Assurance", AusCERT 2008 -
"History has taught us: never underestimate the amount of money, time, and effort someone will expend to thwart a security system. It's always better to assume the worst. Assume your adversaries are better than they are. Assume science and technology will soon be able to do things they cannot yet. Give yourself a margin for error. Give yourself more security than you need today. When the unexpected happens, you'll be glad you did."Read more...
Bruce Schneier, "Why Cryptography Is Harder Than It Looks", 1997 -
Read more...
“The more complex the threats become, the more you have to do the basics and groundwork really well. Staying aware and on top of new vulnerabilities and ensuring that patches and software updates are rapidly implemented is crucial.”
Jeff Shipley, Cisco Intelligence Collection Manager, Cisco 2008 Annual Security Report
Resources Security bibliography Hash functions