Design is not a bug. Some things just aren’t designed to meet security goals. Telnet is plaintext, in most environments that’s a pretty bug security issue. That’s not a bug in the code, it’s just not designed to protect the data from tampering, evasedropping and hijacking. It just can’t operate any other way.
Configuration errors are security issues, but they are not bugs. Users can setup up things insecurely.
Human beings present their own security issues, and they are definitely not bugs you can code away.
The biggest myth about software security is that’s it’s all just bugs. This leads to after the fact thinking (well just patch it), and a huge blind spot to the fact that security isn’t something you can just build, it’s an entire process that goes way beyond just code.
Interesting a younger Donald Trump proposed a wealth tax back in 1999 (of 14.5% on $10M or more). But the 16th Amendment clearly says "income" tax. It doesn't say "wealth" or "assets" or "property", so any wealth tax without an amendment would fail on constitutional grounds.
Note: I performed security audits of VHA facilities for a couple of years.
Unlike non-federal hospital, this is due to jurisdiction. VHA Hospitals are federal land so local police departments wouldnt have any jurisdiction, and the federal government typically looks at its responsibility to enforce laws within the land it owns. Also, some VHA facilities are on large campuses in more rural/less urban areas which effects the size of the police forces there.
The Fukushima accident had more to do with the culture in Japan than the industry globally[1]. The government and the regulator were basically in bed with TEPCO.
> In a way, the world is lucky it happened there and not somewhere else.
Its a mixed bag, while that might be true its important also to remember that kind of accident could have really only occurred in the USSR. Western countries simply couldnt muster the political support to build reactors with that lack of concern for safety, or those kind of design flams. The USSR? No problem.
Just wow to think they build power reactors without even a containment structure.
Design is not a bug. Some things just aren’t designed to meet security goals. Telnet is plaintext, in most environments that’s a pretty bug security issue. That’s not a bug in the code, it’s just not designed to protect the data from tampering, evasedropping and hijacking. It just can’t operate any other way.
Configuration errors are security issues, but they are not bugs. Users can setup up things insecurely.
Human beings present their own security issues, and they are definitely not bugs you can code away.
The biggest myth about software security is that’s it’s all just bugs. This leads to after the fact thinking (well just patch it), and a huge blind spot to the fact that security isn’t something you can just build, it’s an entire process that goes way beyond just code.