Friday, September 14, 2007

Not that you asked...

But here are some random thoughts and mini-rants which may or may not have anything to do with information security:

Making something more complex...
makes it more complex. More complex means more potential avenues of attack, and it makes the thing harder to understand and secure. More attack surface likely means LESS secure. If I add anti-virus, anti-spyware, host-based firewalls and IPS, NAC agents and more to my systems, they have thousands (millions?) of additional lines of code that provide potential attack vectors (and real performance issues).

Often-violated business rule #1:
Make it easy for people to give you money.
(This mini-rant brought to you by the Cisco Service Contract Center).

Old InfoSec people are curmudgeons because they are tired of fighting the same battles over and over and over again. And because they aren't happy unless they aren't happy.

Often-violated business rule #2:
If you take someone's money, deliver what you promised them.
(This mini-rant brought to you by Symantec).

Breaking stuff is still fun. As is fixing stuff. And breaking it again.

Blatantly Obvious Business "Secret": Underpromise and Overdeliver.

Ubuntu is a great Linux distribution and the Ubuntu community is great, but they are in danger of becoming a religion. This would be a setback to Ubuntu, Linux and religion.

Vista both disappoints and scares me.

One of life's little mysteries: How can companies full of good people consistently deliver mediocre goods and poor service? (Insert your own sponsor, you know plenty of them, too).

Attention all engineers:
1) Please consider "It has to work" an implied specification for everything you do.
2) Building crap because you were told to does not relieve you of responsibility for the outcome.

If you "sell security", expect to be challenged.
If you fail the challenge, it is not the challenger's fault; thank them and learn from the experience.

Enough for now-