November 2nd, 2007

ronin

"Some thoughts on security after 10 years of qmail 1.0" by DJB.


HOW CAN WE MAKE PROGRESS ON SECURITY?

"To this very day, idiot software managers measure ‘programmer productivity’ in terms of ‘lines of code produced,’ whereas the notion of ‘lines of code spent’ is much more appropriate."
—Dijkstra

Answer 1: Eliminating bugs
Answer 2: Eliminating code
Answer 3: Eliminating trusted code

Distraction 1: Chasing attackers
Distraction 2: Minimizing privilege
Distraction 3: Speed, speed, speed


http://cr.yp.to/qmail/qmailsec-20071101.pdf