by agravier 5120 days ago
That's assuming the security models being compared are strict about the things that matter.

For instance, I can be very strict about PDFs on your computer: no PDF allowed. If you have addressed the risks posed by other more vulnerable attack vectors, OK, then my rule reduces the uncertainty of less strict but more complicated rules that would address the vulnerabilities of PDF readers. Otherwise, for example if I'm allowing the auto-execution of apps on removable devices, my strict PDF rules don't increase security.

1 comments

And might even decrease security in practice if people end up working around your strict rules via an even less secure path (e.g. sending around Word documents instead of PDF, perhaps).