from the capabilities-or-culpability? dept.
Bruce Schneier, author of the standard reference Applied Cryptography, has a new book out called Secrets and Lies. In an interview in Salon he talks about the book's main thesis: that secure computing is impossible: "Given the inevitability of attacks, 'prevention' can no longer be the security buzzword. Just as even the finest hockey goalies must regularly suffer the humiliation of allowing a goal, companies must learn to live with penetrations. Prepare for the worst, Schneier urges." Has the man never heard of capability security?
