security requires imperfection

Yup, it’s still a thinking week! Rybolov has joined in posting about security vs a zero-defect perception.

Of course, what does this have to do with security? Well, in most companies and the government in particular, you’re trying to project a zero-defects image to your customers. That’s the way the business and marketing side works. Marketing and security don’t mix precisely for this reason: one is trying to project an image of perfection, the other needs understanding of flaws and risks in order to make informed decisions.

Yup! That’s why people get their faces all scrunched up when the security guys say, “well, we could still be penetrated by a really skilled hacker…” They want zero-defect perfection: a state where they can sit back and be ultimately secure. Even if they realize technology changes, they still want some state of secure for the now. We actually require the imperfection in order to evaluate and improve (and prove!).