Security in the Real World: How to Evaluate Security Technology

B. Schneier

Computer Security Journal, v 15, n 4, 1999, pp. 1-14.


The following remarks are excerpted from a general session presentation delivered at CSI’s NetSec Conference in St. Louis, MO, on June 15th, 1999.

At Counterpane Systems, we evaluate security products and systems for a living. We do a lot of breaking of things for manufacturers and other clients. Over the years, I’ve built a body of lore about the ways things tend to fail. I want to share my “top 20 list” of what’s wrong with security products these days.

[full text – HTML]

Categories: Miscellaneous Papers

Sidebar photo of Bruce Schneier by Joe MacInnis.