"The unavoidable price of reliability is simplicity"
-Hoare
Complex products are more insecure
-
Security is orthogonal to functionality
-
More security bugs in general per line of code
-
Modularity (too much)
-
Interconnectedness
-
Difficulty of understanding
-
Lack of documentation and/or specifications
-
Difficulty of analysis
-
Unfeasibility of patching
-
Difficulty of testing
-
Inhibits incident response (IR)
Why security fails
-
Use of proprietary algorithms
-
Use of proprietary protocols
-
Bad randomization
-
Mathematical assumptions
-
Reliance on user remembered secrets
-
Reliance on intelligent users
-
Reliance on global secrets
-
Poor failure modes (NOT "Secure by default")
-
Poor compromise recovery
-
Poor forensics
-
Most importantly: Security is added as an afterthought
-
-
Adding security later by wrapping security around existing features
-
Adding security changes the way features are implemented
-
Adding security changes to the application interface (may also break code that is reliant on it)
"Security by Design"
is essential
Let us help you change your mindset and address cybersecurity