Security in the Real World: How to Evaluate Security Technology

B. Schneier

Computer Security Journal, v 15, n 4, 1999, pp. 1-14.

EXCERPT:

The following remarks are excerpted from a general session presentation delivered at CSI's NetSec Conference in St. Louis, MO, on June 15th, 1999.

At Counterpane Systems, we evaluate security products and systems for a living. We do a lot of breaking of things for manufacturers and other clients. Over the years, I've built a body of lore about the ways things tend to fail. I want to share my "top 20 list" of what's wrong with security products these days.

[full text - HTML]

Categories: Miscellaneous Papers

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.