Test driven development of security improvements

Without a mandate for measuring and reporting actual improvements in security (decision making), attempts at improving security makes absolutely no sense.

  • Main goal of a system administrator is to be as lazy as possible. Not lazy in the sense of not working, but lazy in the sense of making the system doing the hard and repetitive jobs, to free time and energy for doing the thinking, writing, securing and communication jobs.
  • Another main goal of system administration is user satisfaction. Measuring things like Mumble or Schleuder mailinglist server availability, time needed to solve problems and error rates can be used as indicators of satisfaction.
  • In general, computer security can have seven objectives (and counting): Plausible deniability, data confidentiality, data integrity, data authentication, forward secrecy, post compromise security and perfect secrecy

In high risk contexts where lives can depend on being able to warn each other and on being able to communicate without adversaries being able to read the content of messages, infrastructure availability is obviously of more importance, In such contexts, building digital infrastructures that do not make users dependent on centralised services, and choosing and deploying as-secure-as-possible distributed and decentralised solutions with its occupants using those in the most secure way possible is goal.

  • Last modified: 2019/08/01 17:36