Shostack + Friends Blog Archive


Signal Boosting Amrit Williams

File this under “Posts I Wish I’d Written”. Amrit Williams’ “The 7 Greatest Ideas in Security” really highlights a lot of my basic thoughts on how security should work. His conclusion sums things up cogently, but go read the entire post:

Some may argue that something has been forgotten or that the order is wrong, but I would argue that we must learn to develop securely, implement the proper security controls, verify the functioning of these controls, leverage the research of the greater community, ensure that what cannot be protected is hidden, and from the beginning to the end properly plan, prepare, and set the right expectation – these are the greatest ideas in security and if we learn to embody these principles, we would be moving the industry forward as opposed to constantly feeling like we can only clean up the incompetence that surrounds us.

Also, extra points for the great turn of phrase “Inspect What You Expect”.

One comment on "Signal Boosting Amrit Williams"

  • Amrit says:

    I don’t know if it is true or not, but a Marine friend tells me this is a common term. I gave a presentation to a group of web developers back when I was with Gartner – Security 101 for Web 2.0 – and in my mad ramblings of how to develop secure web applications, the one thing that seemed to resonate the most was that they must enable proper application logging so that the security team can inspect what they expect =)
