On Mon, 28 May 2007 21:54:46 EDT, Kyle Moffett said:

> Average users are not supposed to be writing security policy. To be
> honest, even average-level system administrators should not be
> writing security policy. It's OK for such sysadmins to tweak
> existing policy to give access to additional web-docs or such, but
> only expert sysadmin/developers or security professionals should be
> writing security policy. It's just too damn easy to get completely
> wrong.

The single biggest challenge in computer security at the present time is how to build *and deploy* servers that stay reasonably secure even when run by the average wave-a-dead-chicken sysadmin, and desktop-class boxes that can survive the best attempts of Joe Sixpack's "Ooh shiny" reflex, and Joe's kid's attempts to evade the nannyware that Joe had somebody install.

(If you know how to build such things, don't bother replying. If you have actual field experience on getting significant percents of Joe Sixpacks to switch, I need to buy you a beer or something.. ;)