The Effect of Snakeoil Security: wheels within wheels

As you can imagine I’ve been reading and learning more about security with my work in Elections ( It’s a hall of mirrors and I struggle to really grasp when a possible threat is worse than the cure for it — in real world terms, rather than theoretical terms.This article is perceptive and deep and easy to understand at the surface, but hard to understand profoundly: The Effect of Snakeoil Security from web application security lab:

This goes back to the bear in the woods analogy that I personally hate. The story goes that you don’t have to run faster than the bear, you just have to run faster than the guy next to you. While that’s a funny story, that only works if there are two people and you only encounter one bear. In a true ecosystem you have many many people in the same business, and you have many attackers. If you leave your competitor(s) out to dry that may seem good for you in the short term, but in reality you’re feeding your attacker(s). (from: The Effect of Snakeoil Security)

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s