[cap-talk] "Immutable Law" #1 is alive and well at Microsoft

Ka-Ping Yee cap-talk at zesty.ca
Fri Oct 5 17:47:32 EDT 2007


On Fri, 5 Oct 2007, Mark Miller wrote:
> On 10/5/07, Stiegler, Marc D <marc.d.stiegler at hp.com> wrote:
> > [...] At MS, it would be especially easy to be unfamiliar
> > with these counterexamples -- you are surrounded by world-class top
> > experts in security [...] who will tell you the immutable law is true.
>
> I doubt it. Anyone ever hear a world-class expert in security, whether
> at MS or not, claim that this "law" is true? You can respond to me
> privately if you'd like. If you do, please let me know if I can
> summarize responses for the list. Thanks.

I don't understand -- how do these not count?

    http://blogs.msdn.com/larryosterman/archive/2007/09/21/threat-modeling-again-threat-modeling-rules-of-thumb.aspx
    http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx

Are you saying that it doesn't matter if Scott Culp and Larry Osterman
quote Law #1 because they don't count as world-class experts?


-- ?!ng

