7 comments

[ 3.5 ms ] story [ 21.8 ms ] thread
I'd hate for Midori to be lost to the sands of time. Any chance it will be open sourced?
But Midori has always been open-source, why would a project made for... oh wait, wrong neighborhood, sorry I'm out.
The trouble with computer security "defense in depth" is that it only protects against inept attackers. An attacker with resources can get through multiple levels of weak security. Example: StuxNet.
Usually true. That's why high assurance security tried to identify the root causes of problems, formalize security schemes to stop/limit them, formalize designs, and show correspondence. Worked in many situations, not as much in others.

With defense in depth, inherently insecure OS's, libraries, and so on mean extra layers = some extra time/effort. We also know that software markets concentrate into a small number of products in each category that get dominant. We also know nation states and malware authors specialize and increase efficiency similar to markets with effort focused on greatest gains. So, naturally, these combine to dramatically reduce odds one will be safe if they're using popular combinations of hardware, OS's, and software.

High assurance is still necessary. At least at the level of CPU's, kernels, type systems, protocols, and so on. The critical stuff everything else depends on. Rest might be contained or detected running on right architecture.