To round off our first foray into peer-review, FC++ presents a paper my own observations on a term dear to our hearts, if not our heads. Can an economics framework explain what we mean by security?
What do people mean when they say something is secure?
Shamir's 1st law says absolute security does not exist, yet the popular press and the security buying process is inundated in secure product. For some of these products, there may be merit in the term, but for many it is more debatable. Such differences of meaning and applicability suggest low efficiency in the market for security, as well as a blackspot on the claim for security as a robust science.
One way to define 'secure' is to apply the economics theory and terminology of Pareto efficiency. This simple structure gives an easy way to categorise and choose among alternates, and identifies when an optimum has been reached. We suggest that this meaning may already be in wide spread usage, intuitively, among security practitioners and the popular press.
As always, comments welcome. For all FC++ discussions, we are interested in where you think these papers might be better published.Posted by iang at May 12, 2005 01:30 AM | TrackBack