I just came across the following four stances on securing an appliance (that is, a combination of a specific application and a machine capable of running it):

  • Most existing systems are too complex to guarantee that they are bug-free and that the service(s) they provide are impenetrable. Hence one always has to suspect that they are compromised. There is no way to find and fix all bugs, be it for lack of funding or lack of time.
  • Even if an existing system has known flaws, one can hardly replace it, due to economic restrictions, the simple truth that the application just won’t run on any other system, or the lack of alternatives.
  • Developing secure software is extremely tedious and costly. In most situations it doesn’t pay off.
  • The best security measure is powerless against malign insiders who misuse their privileges.

Especially the first two points, though well known, are not always appreciated: software vendors usually don’t like the first point. They prefer to view their products as secure without taking into account that without secure hardware running a secure operating system there is no such thing as a secure application. The second point is disliked by software evangelists, since it exposes the fact that the software they promote can’t meet all requirements in all scenarios. So the next time you hear someone preaching about security, judge them on those four principles.