Six Dumbest Ideas in Computer Security

An interesting article by Marcus Ranum, the Chief Security Officer of Tenable Security (the people behind Nessus). Strangely enough, although the article dates back to September, it is still a great read on the six dumbest ideas in computer security. They are:

  1. Default Permit
  2. Enumerating Badness
  3. Penetrate and Patch
  4. Hacking is Cool
  5. Educating Users
  6. Action is Better Than Inaction

To top it off, this short excerpt probably sums up why these are the dumbest ideas in computer security:

If “Educating Users” is the strategy you plan to embark upon, you should expect to have to “patch” your users every week. That’s dumb.

Right on.
Via CertifiedSecurityPro