Security: Measure what matters

newbino · Jun 4, 2009

Security: Measure what matters
Browser security is increasingly important as everyone wants to know they are safe when it comes to security. A growing number of groups are attempting to compare browsers based on their security record, which is great news — users are more informed than ever, and browser vendors have a better idea of where they stand and how to improve. Johnathan Nightingale writes, “The thing to watch when you’re measuring software security, though, is that you’re measuring the things that matter. We’ve talked about this before, but it bears repeating: if you measure the wrong things, you encourage vendors to game the system instead of actually making things better.” Johnathan’s article goes on to discuss the three elements that make for a good security metric, and what this means both now and in the future.
Click to expand...

article

Rmus · Jun 5, 2009

To me, what matters most is how a product holds up under fire -- how it performs in the real world. If none of the attacks in the wild can compromise the browser I'm using, then I'll continue to use it until it proves not to be reliable under those conditions.

----
rich

benton4 · Jun 5, 2009

Rmus said:

To me, what matters most is how a product holds up under fire -- how it performs in the real world. If none of the attacks in the wild can compromise the browser I'm using, then I'll continue to use it until it proves not to be reliable under those conditions.

----
rich
Click to expand...

I agree with you, Rmus. Real world performance is where it matters most.

Eice · Jun 5, 2009

I have to disagree. If my setup can be compromised by even a theoretical PoC, that's enough to make me investigate the issue, re-evaluate my setup, and perhaps change things and/or take extra measures. Part of security is being able to recognize trends and think ahead, not scrambling to cover one's behind after one gets hit, but then again there's also a fine line between that and unwarranted paranoia.

Rmus · Jun 6, 2009

Eice said:

Part of security is being able to recognize trends and think ahead, not scrambling to cover one's behind after one gets hit, but then again there's also a fine line between that and unwarranted paranoia.
Click to expand...

That is certainly true.

I would surmise that most people find their comfort level somewhere between those two poles.

----
rich

Log in or Sign up

Security: Measure what matters

newbino Registered Member

Rmus Exploit Analyst

benton4 Registered Member

Eice Registered Member

Rmus Exploit Analyst

Log in or Sign up

Security: Measure what matters

newbino Registered Member

Rmus Exploit Analyst

benton4 Registered Member

Eice Registered Member

Rmus Exploit Analyst

Useful Searches