[Cryptography] best practices considered bad term
Alfonso De Gregorio
alfonso.degregorio at gmail.com
Sun Feb 1 03:18:50 EST 2015
On Sat, Jan 31, 2015 at 11:27 AM, ianG <iang at iang.org> wrote:
...
> As a wider philosophical question, is it even appropriate to promote or
> accept 'best practices' in the security world? It's presence is almost a
> complete proof that we're not doing security, we're instead participating in
> a rain dance or voodoo for purposes of avoiding security.
As long as stakeholders are unable to assess the risks their business
is exposed to, there will be no such thing as best practices. We will
be left only with common practices pretending to be relevant or right.
-- alfonso @secYOUre
More information about the cryptography
mailing list