SECSYM: Security Symposium II

The moment you plug a live Internet network connection into your computer, you become
part of the seediest neighbourhood in the planet. Your neighbours include thieves,
con-artists, vandals, criminals and hackers. No wonder our computers are exposed to
a very different environment to that of ten years ago!

It only takes one bad guy to take your system down. This is the attacker's advantage
and the defender's dilemma:

- The Defender must defend all points; the Attacker will choose the weakest point.

The Defender must be constantly vigilant; the Attacker will strike at will.

• The Defender can only defend against what he/she knows about; the Attacker will study
  for vulnerable points.

Worse, there are many conflicts when building software. Choosing security often means
a trade-off in other areas. Historically in the industry, software has always been
very convenient: easy to use, with services switched on by default and rapid releases.
The security pendulum has to a certain extent swung to the other side: reducing the
attack surface has made products harder to use - we get more IIS questions now asking
"how do I just get stuff done" because many things are switched off. The pendulum
is now starting to swing to a more balanced perspective where the attack surface is
smaller and security and first-class privacy are first-class features, without turning
so much off that the product becomes unusable.

You can't build, design and test code and then check for security - you need
a process that fosters secure systems. Internal Microsoft statistics show that this
adds perhaps 15% to the schedule, but the net effect of not designing security is
a 30% schedule slip.