science and best practices

Before dissing “best practices” in general, keep in mind that following many “best practices” will save you the time and effort of discovering for yourself what others already know. Basically, “standing on the shoulders of giants…”

I think many people get mad at “best practices” because they’re not universal and absolute. They won’t work in all cases (maybe they just won’t work in yours!), and they won’t result in absolute security (what does?).

As paranoid security geeks, we should question and strive to understand what is going on, but don’t just rage against “best practices” because it’s chic.