Pensieri di un lunatico minore

29 October 2006 Security

CYA

Continuing our rants on idiotic ideas in the name of “security”, comes this article by Dennis Forbes:

The CYA Application Security Model is the practice of implementing so-called security obstructions primarily to absolve the vendor from blame if something goes awry during everyday operations. This model is usually sold under the pretense of improving user education, or encouraging safer application usage, but that’s of minimal actual concern (in reality the opposite outcome—more risky application usage—is probable).

Dennis goes on to discuss all the silliness that comes from this. The thing that I don’t think is emphasised enough in this writing though is the Chicken Little syndrome, which teaches users to ignore all the warnings because they’re stupid, and then they’re not actually paying attention when you need them to. This kind of thing also happens with warning labels in our lawsuit-obsessed world.

This entry was posted at 5:42 pm on 29 October 2006 and is filed under Security. You can follow any responses to this entry through the post-specific RSS 2.0 feed.

No comments found.

Responses are currently closed, but you can trackback from your own site.

Syndicate using either Atom or RSS.

All content of this site is covered under the Createive Commons Attribution-Noncommercial 3.0 license unless otherwise specified. The postings on this site are my own and don’t necessarily represent the positions, strategies or opinions of my employer.