[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] The Death of Defence in Depth ? - Aninvitation to Hack.lu

To: "Thierry Zoller" <Thierry@xxxxxxxxx>, "full-disclosure@xxxxxxxxxxxxxxxxx" <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] The Death of Defence in Depth ? - Aninvitation to Hack.lu
From: imipak <imipak@xxxxxxxxx>
Date: Wed, 10 Oct 2007 19:29:00 +0100

Hi Thierry,

wandering off-topic, but this is FD, where There Is No Topic...:


> What currently is being done in the industry is to ADD more layers of
> defence to protect against one failing, this is being done by adding
> one parsing engine after the other. Again nobody said Defence in Depth
> is wrong in itself, it's just the way the Software Industry has led
> companies to implement it. _This_ is the point.
>


The problem - well, *a* problem, anyway -  is that there are two
contradictory axioms in infosec that are regularly cited to support or
attack a particular strategy.

"Defence in depth"

   vs.

"A chain is only as strong as it's weakest link".

Expressing these in terms of formal logic and resolving the conflict
is left as an exercise for the reader. (I don't know how to do it...)


/i

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] The Death of Defence in Depth ? - Aninvitation to Hack.lu
  - From: Pavel Kankovsky

Prev by Date: [Full-disclosure] [SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution
Next by Date: [Full-disclosure] [SECURITY] [DSA 1385-1] New xfs packages fix arbitrary code execution
Previous by thread: [Full-disclosure] [SECURITY] [DSA 1379-2] New openssl packages fix arbitrary code execution
Next by thread: Re: [Full-disclosure] The Death of Defence in Depth ? - Aninvitation to Hack.lu
Index(es):
- Date
- Thread