|
|
|
|
|
|
by chriswarbo
1944 days ago
|
|
|
> Yet what is "security" but understandability? I prefer to think of security as the opposite of functionality: increasing functionality makes more things possible, increasing security makes fewer things possible. I like this view because it forces us to acknowledge the tradeoff: the most functionality we can provide is a root shell with no passwords; the most security we can provide is an inert brick; we need to be specific about what functionality should be provided, what shouldn't, and design a system which sits between the two. From this perspective, modularity can increase security by preventing one module from accessing/executing unexported parts of another module. Yet this implies that modularity also reduces functionality, for exactly the same reason. Again, we need to specify what should be exported, what shouldn't, and implement something between the two. |
|
|