Skip to content

Entries from November 2007

Making Standardization Committees Build More Secure Products

Lately I have been occupied once again with the specification of a security system as part of a standards committee. The identity of this standards body really does not matter. What does matter is that the process, just like its outcome, never improved.

There is a problem with security systems that are standardized by committees. Perhaps not every committee, but those committees that are democratic in nature. Democracy is good, all in all, but it doesn’t serve the design of security products well; at least not when it comes to design done by many individuals with different agendas.

It is easy to see why.

Continue reading "Making Standardization Committees Build More Secure Products"