Schneier on Assurance

From an angry post by Bruce Schneier:
Over the past several months, the state of California conducted the most comprehensive security review yet of electronic voting machines...Serious flaws were discovered in all machines, and as a result the machines were all decertified for use in California elections...Yet California Secretary of State Debra Bowen has conditionally recertified the machines for use, as long as the makers fix the discovered vulnerabilities and adhere to a length list of security requirements designed to limit future security breaches and failures.... [This] has security completely backward. It begins with a presumption of security: If there are no known vulnerabilities, the system must be secure. If there is a vulnerability, then once it's fixed, the system is again secure. How anyone comes to this presumption is a mystery to me.
Worth reading in its entirety. When you're done, go back and think about what you're working on right now, and ask yourself how trustworthy you think it really is...
comments powered by Disqus