[Cryptography] Binary security (was The Laws of secure information systems design)

[Rick Smith, Cryptosmith]

It’s pointless to write a principle or “law” or whatever claiming “Security is binary."

If the meaning of of a pithy principal isn’t blatantly obvious from its text, it’s badly worded.

A handful of us have had the dubious distinction of working with “formal proofs of security” in which security is considered a binary state. The trick is to define security so narrowly that it is a binary condition that is also provable. You throw out a lot of threats when you do this. The answer to “Is it secure” becomes “Yes, but..” and you have to explain all the exceptions and conditions.

Rick.