Monoculture
Bill Sommerfeld
sommerfeld at orchard.arlington.ma.us
Wed Oct 1 11:54:03 EDT 2003
> Who on this list just wrote a report on the dangers of Monoculture?
An implementation monoculture is more dangerous than a protocol
monoculture..
Most exploitable security problems arise from implementation errors,
rather than from inherent flaws in the protocol being implemented.
And broad diversity in protocols has a downside from another general
systems security principle: minimization..
The more protocols you need to implement to talk to other systems, the
less time you have to make sure the ones you implement are implemented
well, and the more likely you are to pick up one which has a latent
implementation flaw.
- Bill
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list