Comments: Pareto-Secure

Kaldor-Hicks corresponds to a lay theory of value, which assumes commensurability where there often is not. The Pareto approach makes far fewer assumptions in this regard.

Another interesting set of Pareto-improvements comes when one can improve the usability of software without decreasing its security. Such improvements are at least as important as when one can improve secrurity without reducing usability.

Posted by Nick Szabo at May 22, 2005 02:08 AM

I'm musing about this. The thing about Pareto-improvements are that they are very strong and useful if the building blocks are small and cohesive. But as we get more complex, it breaks down, leading to as you suggest temptation into Kaldor-Hicks which to me doesn't deliver value.

But the rise of HCI issues in security thinkers' minds is of such import that it might be a good contrasting improvement that means much security software is not Pareto-secure simply because of these shortfalls. (c.f., Kerckhoffs' principles.) The more I think of it the more this seems like a valuable direction. Thanks!

Posted by Iang at May 24, 2005 07:12 AM
Post a comment

Remember personal info?

Hit Preview to see your comment.
MT::App::Comments=HASH(0x55d09177bd18) Subroutine MT::Blog::SUPER::site_url redefined at /home/iang/www/fc/cgi-bin/mt/lib/MT/ line 125.