Comments

Franky B.December 11, 2009 3:22 PM

Bruce,

Was this edited in a way that tweaks the meaning of some of your statements?

This is one of the first times that I find myself in disagreement with the spirit of your opinion. You seem to be indicating that since you are forced by circumstance to trust 3rd parties for some things, you might as well trust them with everything. When it comes to data, I tend to disagree, especially when it comes to business. For home users with little experience and few resources to allocate to the problem, it's a tenable position. For businesses? Absolutely not!

There's a big difference between:
- living with the fact that I can't write all the software I need myself and must trust a 3rd party to not insert anything malicious in the code they sell me, and;
- deciding to trust a 3rd party with direct access to my data.

There are so many more concerns than malicious intent when it comes to third party access to data. The plain fact is that they have their own interests and those won't always coincide with mine. It's normal in a case of conflict of interest to expect that a third party will always have their own interests at heart.

Bruce SchneierDecember 13, 2009 5:09 AM

"This is one of the first times that I find myself in disagreement with the spirit of your opinion. You seem to be indicating that since you are forced by circumstance to trust 3rd parties for some things, you might as well trust them with everything. When it comes to data, I tend to disagree, especially when it comes to business. For home users with little experience and few resources to allocate to the problem, it's a tenable position. For businesses? Absolutely not!"

I agree. There are definitely more risks in trusting an outsourcer than in, for example, trusting a software vendor. But it's a continuum. So, yes, this was edited badly -- the full answer to that question is long and complicated.

Clive RobinsonDecember 13, 2009 5:35 AM

@ Bruce,

I can see the Internet headlines now,

"OMG Bruce Schneier well known Security Guru admits to being human"

8)

Your going to have to upset your publisher and give up the "Chuck Norris" image 8)

Speaking of which hows the "action figure" investigation coming along?

Franky B.December 13, 2009 1:37 PM

@Bruce,

"So, yes, this was edited badly"

Ah! though so. Sucks that the summary under the picture puts words in your mouth that are likely much more black and white than anything you said.

"the full answer to that question is long and complicated."

As most correct answers are... ;-)

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..