RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]

From: Don Parker (hydra291_at_hotmail.com)
Date: 09/01/04

  • Next message: Christopher Hicks: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]" 
    To: tbird@precision-guesswork.com, bruce@ei3.com, mjr@ranum.com
Date: Wed, 01 Sep 2004 17:56:47 -0400

    Argh, the computer industry is replete with these big flighty words. We
    should all strive to keep things as simple as possible ie: without the
    hyperbole. Granted you have to have the endless analogies for those who
    don't understand computer security, but we should also attempt to keep
    things as simple as possible. Complexity in both the written word and
    network design is in itself self defeating. Clarity and simplicity should
    always be the goal.

    Cheers,

    Don

    >From: "Tina Bird" <tbird@precision-guesswork.com>
    >To: "Bruce B. Platt" <bruce@ei3.com>,"Marcus J. Ranum" <mjr@ranum.com>
    >CC: "Paul D. Robertson"
    ><paul@compuwar.net>,<firewall-wizards@honor.icsalabs.com>
    >Subject: RE: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]
    >Date: Wed, 1 Sep 2004 13:35:06 -0700
    >
    >
    >
    > > Whatever you do is only as good as your starting hypothesis, the
    > > operational definitions which you create, and your experimental
    > > techniques.
    > >
    >My experience is marginally similar to Bruce's, in that prior to becoming a
    >computer security architect, I was an observational astrophysicist. My
    >Ph.D
    >is on hypothesis testing and the use of statistics to study the
    >gravitational evolution of clusters of galaxies.
    >
    >There are a lot of different, orthogonal bits of the current discussion:
    >
    >1) Did anyone claim that surveys about security are "science"? In
    >particular, is there a hypothesis being tested? If there is a stated
    >hypothesis, is a survey the best way to test it? If it's not testable --
    >or
    >more strongly, if it can't be disproved -- it's not science.
    >2) What is the purpose of the survey author?
    >3) What do we hope to learn from surveys about security?
    >4) How do we want to use surveys about security?
    >
    >When I'm in a particularly rebellious mood, I like to argue about the
    >entire
    > >existence< of the discipline of >>computer science<< -- what are the
    >underlying theories and how do you test them? Little of what I >>do<< now
    >has anything to do with science, although a lot of the skills I use day to
    >day are similar to things I did for my research job.
    >
    >I don't think that surveys are designed to be observations that test a
    >theory.
    >
    >cheers -- tbird
    >
    >
    >_______________________________________________
    >firewall-wizards mailing list
    >firewall-wizards@honor.icsalabs.com
    >http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _________________________________________________________________
    Take advantage of powerful junk e-mail filters built on patented Microsoft®
    SmartScreen Technology.
    http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
      Start enjoying all the benefits of MSN® Premium right now and get the
    first two months FREE*.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Christopher Hicks: "Re: [fw-wiz] Re: Flawed Surveys [was: VPN endpoints]"