2014-12-15

security without trust

The effect of investing in security depends on the actual level of security achieved in the system. It also depends on the degree of trust from my stakeholders.

Imagine a system with perfect security which - for whatever reason - isn't trusted by those who should depend on it. Their distrust might appear totally irrational to us. That doesn't matter. It's not our call. Our effort is a failure.

Putting all our money into "actual" security and ignoring the need for assurance is a recipe for failure.

No comments:

20241010