On Sat, Aug 10, 2013 at 6:10 AM, Gichuki John Chuksjonia <chuksjonia@xxxxxxxxx> wrote:
> One thing u gotta remember most of the Admins who handle webservers in
> a network are also developers since most of the organizations will
> always need to cut on expenses, and as we know, most of the developers
> will just look into finishing work and making it work. So if something
> doesn't run due to httpd.conf, you will find these guys loosening
> server security, therefore opening holes to the infrastructure.

Cognitive Bias and Dissonance are well-known problems in security engineering. NB's comments are a testament to the disconnect between the creators of the system and the users of the system. (No offense to NB.)

See, for example, Peter Gutmann's Engineering Security (www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf) or Ross Anderson's Security Engineering (http://www.cl.cam.ac.uk/~rja14/book.html).

Jeff