|
|
|
|
|
|
by chwahoo
5601 days ago
|
|
|
Where the author's narrative breaks down is when he draws a parallel between security and proofs of theorems. The closer connection is between security and adequacy of theorems. It is true that you need to make sure your software conforms to its specifications and that process does involve informal (or formal) proof-like reasoning, but that is only a small part of the challenge. This is the part that mathematicians would be good at, but other technologies are good at the this as well (type checkers prove weak properties, verification tools prove stronger ones). None of this requires a "twisted mind", just attention to detail. The problem of writing software specifications that correspond to the abstract notion of security is the tougher task. In math, the closest analogy is figuring out what theorems people actually care about. While I don't know for sure, I'm skeptical that a math education emphasizes this skill. Security takes this skill a step further and requires Schneier's "twisted mind" to consider all the real-world ways that things could go wrong (including, among other things, the incentives that might motivate an adversary) and write specifications for secure, but useful, software. |
|
|
I read this as saying that the mindset required to write proofs is similar to the mindset required to write secure software. The proof mindset is useful for considering “all the real-world ways that things could go wrong.”
I think the paragraphs about Knuth’s famous quote just muddy the water.