Thursday, July 24, 2003

Security Is All About Risk Management

Keith Brown just sent this out to one of the internal DevelopMentor mailing lists. He’s often said that security is about risk management. I agree; it’s not about making everything super tight, it’s about making everything tight enough.


I just found a great example of this. This company ( allows you to use them for temporary email addresses. You just tell someone to send mail to (where SOMETHING is any string you want) and then you surf to, type in SOMETHING and press the button to read your mail. All mail is deleted after a few hours.

In their FAQ they have the following:

Q: This sounds pretty insecure. What if I send important emails with sensitive super-secret information in them to mailinator?
A: Then you are a stupid-head. That isn't what this is for.

I just about died laughing after reading that answer. It's a great example of security being all about risk management.


Apparently he heard about this over on Joel’s blog.

No comments:

Post a Comment