About Sophie

Trials & tribulations of my increasingly full-time girl-mode.

sophie @ baskerville.net

Category: cybersecurity

  • Resilient Assurance: A Failure-Assumed Approach to Confidence and Control

    “Mature assurance is not the pursuit of perfect prevention. It is the disciplined management of inevitable failures.” Limits of Classical Assurance: Traditional or classical assurance tends to make assumptions: that controls are implemented, that controls operate correctly, and thus that risk is reduced. In practice, things are not generally so simple. Controls decay. Environments change…

  • Strong Ciphers, Weak Assumptions

    The best laid plans of mice and men… A lot of attention has been paid to the design and implementation of messaging apps. Signal usually comes out as being considered the most trustworthy of the bunch by people who worry about detail, but there are other apps with real end-to-end encryption too. Of course, subverting…

  • How will Quantum Vulnerable Encryption (QVE) unravel?

    I’ve written a little recently (and less recently!) about Post Quantum Encryption and how action is needed NOW. How the timeline of QVE’s unravelling and collapse will take place is almost impossible to say. But we might usefully draw some lessons from the collapse in confidence of the MD5 hashing algorithm. Let’s look at the…

  • [***NOT REDACTED***]

    Or “Redaction Failures”. There have been many high-profile redaction failures over the years[1]. So it may help to briefly classify[2] them into some different types. Context & Inference That last category is rarely talked about. After all, techies love technical failures or clever technical workarounds. Context & Inference is terribly boring in comparison – but…

  • Post Quantum Worries

    Look, I don’t like to be the bearer of bad tidings, but hardly anyone I have talked to is doing anything about it at all, claiming it isn’t needed yet. Or as I like to term it “Don’t wait, procrastinate NOW”. TL;DR I wrote about it over a year ago, here. It isn’t a long…