Principles not products: Why we need more top-down security engineering.

Apr 04, 2024



In only the last three days Google, Apple, and Microsoft have each been the subject of dispiriting security news stories exposing their deceit and fundamental lack of trustworthiness. Readers unfamiliar with cybersecurity won't know that this is our daily grist, just the latest in a seemingly endless litany of betrayals. We all try to act "unsurprised".

Online conversations in forums like Slashdot, Hacker News, and the blogs of Bruce Schneier and Brian Krebs are becoming noticeably frustrated, thrashing in circles of whataboutism as the tech community realise there really are no "good guys" left to turn to, no harbours on this wild and violent sea.

[...]

The tragic death of Ross Anderson last week has affected me a lot and made me reflect hard on what we are really doing in cybersecurity. Ross was one of the few fellows who had the courage to openly ask top-down questions in our field.

I've always started my classes with a different set of fundamental questions. What is security? Why would you want it? For who? From whom? To what end?

Because if you go at it bottom-up, most people, by the time they've learned about storage, networks, encryption, and protocols, are so exhausted they've forgotten why they're doing it by the time they get to the upper layers. At that point, they just look at a bunch of products and say "Hey, looks like this one meets our needs". And that's it.

