






















"Moving fast, and breaking things", instead of "being safe and secure", is the credo of the IT industry. In this paper, we take a look at how we keep falling for the same security issues, and what we can learn from aviation safety to learn building and operating IT systems securely. We find that computer security should adopt the idea of safety. This entails not only building systems that are operating as desired in the presence of an active attacker, but also building them in a way that they remain secure and operational in the presence of any failure. Furthermore, we propose a 'clean slate policy design' to counter the current state of verbose, hardly followed best practices, together with an incident handling and reporting structure similar to that found in aviation safety.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。