Moreover, the raw split between the two doesn’t tell the whole story. If 90% of security vulnerability cannot be reliably eliminated then there’s very little to do except try to manage the damage.
How much safer would we be just by eliminating the avoidable vulnerabilities?. How much of our computer security vulnerability is unavoidable?. But, even if that is true, two key questions remain: In the end, there will always be a way to get past a computer system’s defenses. But I do have a couple of possibilities that I would like to see explored.įirst of all, I do believe that some amount of vulnerability can never be eliminated. I don’t have a perfect answer in fact, I don’t know that I have any answer. But how do you solve something with such fundamental challenges? And I do spend quite a bit of time thinking about how it could be made better. So, yes, I often feel troubled about the future of computer security. Our wins are just “draws” for the bad guys. We didn’t hurt them, we didn’t capture them, we didn’t make it harder to try again tomorrow. Worst of all, even when we “win”, all we did was prevent their attack. Fundamental theories of computer science prove that we can’t recognize, track, or find all possible malicious viruses, worms, or malware, but increasing computer complexity guarantees we keep giving them more and more bugs to exploit. They have to figure out how to defeat our current security and we have to guess what they’ll do in the future. The bad guys have a much easier job: they have to find one bug and we have to find them all. One of the reasons I worry so much is that the deck always seems to be stacked. I worry about the future of Computer Security.
0 kommentar(er)
