
How security is very much like MMA

20 Sep 2009 | CPOL | 2 min read

It occurred to me after following the most recent UFC MMA event (via the web blogs rather than PPV, as I'm still too cheap!) that security and MMA have a lot in common. More precisely, the fighters in a stable are very similar to security algorithms or processes.

Once a fighter's weakness has been exposed, there is really nothing you can do to hide that weakness again. You could have the best fighter in the world one day, then the weakness is exposed… You are in trouble!

Security is very much the same. You can perform all the scans, probes, fuzzes and code reviews and feel confident (well, as confident as anyone does in the security world!) that you are pretty well covered. One revelation a day later can completely invalidate your expectations, and you have to start over completely. Sometimes it is a slow build-up; other times it is the equivalent of a bomb.

Bottom line: once a weakness has been exposed, you need to:

  • See if it can be simply covered
    • Fighter can learn to defend takedowns (or not get hit in the head :-) )
    • Algorithm can be enhanced to extend its life (DES to 3DES)
  • Relegate
    • Fighter acts as the 'gatekeeper' to the higher competition levels
    • Algorithm's security clearance has been lowered; it can't be used in the more secure areas. Examples of this are theoretical discoveries that are likely to result in an actual weakness some time later.
  • Retire
    • Fighter retires, becomes a commentator
    • Algorithm is deprecated as it is shown to be fundamentally insecure, and is now studied in university to show the weakness that designers need to be aware of. Think WEP!

If the weakness is known, it is natural that the opponent will attempt to gain a competitive advantage using it. The longer the weakness is known, the more adept the opposition will be at exploiting it. This is true for both MMA and security!

Companies running an SDL are the equivalent of the fighter's stable. It is their job to recognize the weaknesses and manage the processes and algorithms so that any weaknesses are covered or retired before they become a major problem.

Gareth

This article was originally posted at http://www.csharphacker.com/technicalblog?p=461

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
United States
I'm Gareth and am a guy who loves software! My day job is working for a retail company, and I am involved in a large-scale C# project that processes large amounts of data into upstream data repositories.

My work rule of thumb is that everyone spends much more time working than not, so you better enjoy what you do!

Needless to say - I'm having a blast.

Have fun,

Gareth
