I've said it before, tradeoff's pop up in programming all the time. They are often difficult decisions, with no easy answer, and we often make the wrong decision.
Security is no stranger to trade-offs, here are three trade-offs that often limit security:
- Security Vs Performance - The biggest example of this is SSL. Your site may have a SSL certificate, but you probably only utilize it on certain parts of the site since SSL is slower.
- Security Vs Usability - You could set your session timeout's to 5 minutes, but people don't like to login repeatedly.
- Security Vs Cost/Time/Effort - This is often the biggest hurtle to writing secure software. We need this done yesterday, often means we skip or skimp on things like validation.
These aren't the only reasons for security vulnerabilities, often they are due to bugs, or from a lack of knowledge about the vulnerability.
Like this? Follow me ↯Tweet Follow @pfreitag
Security Tradeoffs was first published on August 06, 2009.
If you like reading about security, tradeoffs, performance, or usability then you might also like:
Want Security Advisories via Email?
Advisory Week is a new weekly email containing security advisories published by major software vendors (Adobe, Apple, Microsoft, etc).