[discuss] Who is responsible for security

Joseph Alhadeff joseph.alhadeff at oracle.com
Fri Jan 17 13:16:18 UTC 2014


I don't disagree with your observation, but my comment was addressing scope/zone of responsibility and what is reasonable in the circumstances.  Also, please note that most padlocks are not completely individual but rely on a few versions of keys for good enough security.  Please also note that bank vaults are a good example of context risk and appropriates as they are rated in terms of man hours needed to crack the safe so that one can determine what is appropriate to their need...



Sent from my iPad

> On Jan 17, 2014, at 12:36 PM, Roland Perry <roland at internetpolicyagency.com> wrote:
> In message <A01C0C65-85C6-4934-A963-899C52C4AFE9 at oracle.com>, at 08:26:26 on Fri, 17 Jan 2014, Joseph Alhadeff <joseph.alhadeff at oracle.com> writes
>> Finally to take the lock analogy too far, all parties have responsibility; the lock makers, the lock installers  as well as the users.  The user, for example, cannot reasonably use a suitcase lock to secure a house,
> Which reminds me of the "TSA approved suitcase locks" available in the USA which can be opened by inspectors.
>> but likewise, the user cannot be expected to have the expertise of either
>> the lock maker or installer.
> And to a first approximation if someone breaks into your house you are the only victim. If someone breaks into your computer then there is much more at stake.
> -- 
> Roland Perry
> _______________________________________________
> discuss mailing list
> discuss at 1net.org
> http://1net.org/mailman/listinfo/discuss

More information about the discuss mailing list