[Cryptography] The Laws (was the principles) of secure information systems design

Michael Kjörling michael at kjorling.se
Wed Jul 13 04:45:54 EDT 2016


On 12 Jul 2016 21:30 +0100, from peter at m-o-o-t.org (Peter Fairbrother):
> The Laws of secure information systems design:

Honestly, I think these are already too many. There is probably room
for quite a bit of combining these into fewer points that cover the
same ground. For example, #3 ("only those you trust can betray you")
and #7 ("holes for good guys are holes for bad guys too"), possibly
along with #0 ("it's all about who is in control") can probably be
summed up in one point, perhaps "technology does not discriminate
based on objective intent or subjective opinion". There's no need for
points that cover essentially the same ground; that's what elaboration
beyond the sound-bite is for.

Also, one that I absolutely think is missing is that _security always
favors the attacker_. (The defender has to defend against _every_
threat; the attacker only has to find _one_ viable attack vector that
is not adequately defended against. That attack vector might not even
allow for a full breach; if it allows the attacker to get a toe-hold,
it might be enough to compromise the security of the system. It also
might not be in a place where you expect security problems at all.)
Hence security in depth, your proposed #10, "design for future
threats" (which I agree with), and observations like Schneier's Law.

And of course, what happened to #14 in your list?

-- 
Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)