Moving Fast and Breaking Things: How to stop crashing more than twice
share
"Moving fast, and breaking things", instead of "being safe and secure", is the credo of the IT industry. In this paper, we take a look at how we keep falling for the same security issues, and what we can learn from aviation safety to learn building and operating IT systems securely. We find that computer security should adopt the idea of safety. This entails not only building systems that are operating as desired in the presence of an active attacker, but also building them in a way that they remain secure and operational in the presence of any failure. Furthermore, we propose a 'clean slate policy design' to counter the current state of verbose, hardly followed best practices, together with an incident handling and reporting structure similar to that found in aviation safety.
READ FULL TEXT