2005-09-12

Dumb Ideas in Computer Security

A whole month without blogging! I need to shape up!

Today I read a very interesting article which I found on /. called "The Six Dumbest Ideas in Computer Security". It is a very interesting read. The author argues that in many cases we try to solve the security problem by attacking it from the wrong direction. An example: instead of filtering out gazillions of bad programs (malware, viruses, worms, etc.), one should focus on only allowing those programs that we actually intend to use to run. With this turned-around approach we no longer need anti-virus lists that need to be updated every week. We will simply never be troubled again by malicious programs.

I don't agree with everything the author writes in the article, though. His third point is that patching a piece of buggy software is a bad idea. I simply cannot accept that. It is not stupid to fix a bug. It is a Good Thing. What he argues for is that systems should be built with security in mind from the bottom up and that one should carefully plan systems before writing the code. I wholeheartedly agree with that. But that doesn't mean that fixing bugs is a bad thing.
