Thursday, June 16, 2011

Seussian Security

A program is scanning.
It finds software that's bad.
A person is searching.
He aims to stop the cads.
That's all well and good when programs find code threats.
And nothing goes wrong when folks stop john doe threats.

But it isn't too good when programs and people
Start getting misused against each others evil.
Programs, not people, stop threats that are dumb
And people, not programs, stop threats from someone.
So, when folks get their hands full with threats that are stupid,
And programs gets used on threats that are lucid,
They both wind up failing to keep our stuff safe.

I'm warning you, now! Know your defense's place.

(inspired by Dr. Seuss' "Sleep Book" and Richard Clarke's restatement of the complaint that AV and firewalls don't stop Chinese attackers)