http://www.ranum.com/security/computer_security/editorials/dumb/

Interesting read, though I think the guy is a bit idealistic on the built in security concept.  White lists vs Black lists are definately smarter though.  None the less, it's worth a read from us I warrant.

Definately his number 3 and 4 thoughts are stupid.  Numbers 1,2, and 6 I agree with in a number of situations.  Though... arguably his #1 and #2 are pretty much rewording of the same issue.  I agree with white listing vs black listing, so I guess that's what I liked from the article after reading it again heh.  #5, with keeping the users ignorant, kind of cracks me up.  Then again, I work in the government where half of the people I work with know as much about their basic computer as they do about rocket science... hense it's a bit of a mute point.  I did like his #1 and 2 (or just #1 if you take into account that they're basically the same) argument.  Obviously no one would agree with his take on #3 or 4 who reads this forum.   Perhaps I saw more good in his article due to the coppious amounts of pain killers they are pushing into me for my spine.  Heh, none the less, yeah white list.. boo black list... kill the pig, drink it's blood?

Hmm, I gave it a quick once over and I got the feeling he was saying if we just had more secure code there would be no more hacking or breaching, time would be better spent in that direction (writing better code) rather than learning hacking methodology. The problem with that simplistic argument is that there is more to hacking than just running exploits!  Thats not the only way to breach security and gain data.

I'll skip over most of the article as the relevance/bias has already been covered.

The aspect that confused me was 'the minor dumbs' section. The writer laughs at/insults anyone that is looking for a silver bullet and doesn't practice defense in depth, yet has written an entire article aimed to removing an available tool in a security setup. I agree that if we had more secure applications we would need less after market security, but to use his own comparision
'would you trust your life to the aviation industry if they only took the manufacturers word that the plane isn't going to fall out the sky, without testing it first?

I'd say this guy has an agenda or a screw-lose.

Either that's a coincidence or an intentional quote, either way brightened my work day, cheers