On 2007-05-10 Florian Weimer wrote: > * David Gillett: >>> But your point above: >>> "without installing malware on the victim host" >>> >>> Although true on some level, is bogus for the purpose of this work, >>> as it being written makes an automatic assumption on working only >>> after malware is installed. >> >> The principle of "defence in depth" is that each security measure >> adds to overall security by providing protections that continue to >> operate even if other defences have been breached. > > Isn't it more like combining several things which aren't > unconditionally secure by themselves, in the hope that the result is > something you can actually live with? That would hardly qualify as "in depth". Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
