原文出處:The Six Dumbest Ideas in Computer Security,分享給大家。底下是我的心得。
1. Default Permit
The opposite of "Default Permit" is "Default Deny" and it is a really good idea. 例子:某新聞網報導某公司第三度調降營運目標。根據這條規則,我們必須「Default Deny」。
2. Enumerating Badness
The cure for "Enumerating Badness" is, of course, "Enumerating Goodness. 承上例:。公司當日下午在公開資訊觀測站發訊澄清,今天又再澄清一次 (出貨量約將比第一季略為下降,減少一成左右)。「公開資訊觀測站」是好站,所以我願意相信他。
3. Penetrate and Patch
Your software and systems should be secure by design and should have been designed with flaw-handling in mind. 我的交易策略有這個問題嗎?祕密。
4. Hacking is Cool
I'd like to fantasize that it will be replaced with its opposite idea, "Good Engineering is Cool" but so far there is no sign that's likely to happen. 這等於「賠錢才發現交易策略有問題」,沒事不要浪費錢。
5. Educating Users
使用者很笨,教育使用者是沒有用的。
6. Action is Better Than Inaction
孫子兵法:「凡用兵之法,全國為上,破國次之;全軍為上,破軍次之;全旅為上,破旅次之;全卒為上,破卒次之;全伍為上,破伍次之。是故百戰百勝,非善之善也;不戰而屈人之兵,善之善者也。」不做多不做空,常是最好的策略。
沒有留言:
張貼留言