zemn-me · Zemnmez · Dec 9, 2024
@@ -0,0 +1,25 @@
+---
+title: The Secret to Computer Security is being Consistently Wrong.
+date:
+  - 9
+  - dec
+  - 2024
+tags:
+  - writing
+  - security
+language: en-GB
+description: Article promoting transforming content instead of validating it.
+---
+
+          The Secret to Computer Security is being Consistently Wrong.
+===============================================================================
+
+Validating inputs is one of the most often repeated tenets of computer security. It is in a sense an evolution of the more ancient tenet 'garbage in, garbage out' -- contextualised as the idea that if you are sure of the security of what goes into your program, you can be sure of the security of what comes out.
+
+Experience, I argue, should at this point have taught us better than this. The most egregious computer security vulnerabilities of today don't come from validation problems -- in many cases, all parties have validated to the best of their ability. The issues stem from ambiguities in what should be considered valid that percolate through until differences in interpretation become egregious enough to be security issues.
+
+The issues, I'd argue, stem not from validating incorrectly, but from not being *consistently wrong*.
+
+
+Thomas
+