It’s “Computer MOT” Time Again, Everyone!
Microsoft’s Trusted Computing Veep suggests vetting anything and everything which touches the ‘Net. Perhaps this is not such a good idea?
Security wonks can generally be placed on a 3D – or perhaps more-D – spectrum: on one axis there are those who are naturally better suited to defence (your stoic network firewall architects) than attack (your rabid penetration testers); another axis comprises the full-disclosure vs. restricted-information dichotomy – those who argue relentlessly about when and whether the technical details of a bug should be published.
At the risk of sounding Dungeons & Dragons, the third axis is a question of alignment, of order versus chaos. Followers of order believe that the structures of the physical universe can translate to the digital, so they expound the advantages of Identity, Trusted Computing Bases and Mandatory Access Control (MAC); followers of chaos believe that MAC is cute but that with a good ‘sploit you can DDoS the backbone and bring the Enterprise to its knees even if you can’t read the launch codes. Followers of order counter that network access would be forbidden by policy, and the Chaosites respond with “have you seen this bug?”
…at the Unscrewing Security blog