22 Oct 2013, 7:37 p.m.
My biases, such as they are: The topmost aim of security design is to choose tolerable failure modes. The topmost aim of security engineering is to have no silent failures. A state of security is achieved when there are no unmitigatable surprises. That said, the challenge here is to pick what are the tolerable failure modes, to ensure that when they occur they are neither silent nor silenceable, and to have mitigations in hand against that day. Easier said than done, of course. Would that it were possible for one lone wolf to have a flash of brilliance leading to compact satisfaction of these needs, but I doubt that possibility.

YMMV,
--dan