[EMAIL PROTECTED] wrote: > On 24.09-13:48, Darren Spruell wrote: > [ ... ] > > Oh, that sounds like a recipe for success. > > > > - Run _arbitrary_ _binary_ application on system. Intend to > use policy > > wrapper to restrict to allowed operations. > > exactly, if the application cannot run within the defined policies it > will not be allowed to run, this is precisely the assurance that some > businesses look for. it is, in fact, a process that helps identify > poor applications. whether the system is opened up or not depends on > the business. ... Whether or not the business wants to stay in business. Security policy seems like a very effective tool for Denial of Service. Burroughs Computers essentially went out of business because their computers refused to do illegal operations while IBM's computers very happily did all sorts of illegal stuff.
The problem is that if you must wait for perfection, you're dead. Approaching perfection becomes combinatorially explosive. > > > The intentions are great and look good on paper. The > reality is a bit > > different, as others have pointed out. > > indeed, i am one of them. and probably as painfully aware of it as > any. that is not the point, writing them off wholesale is folly, and > suggesting the same can be achieved with current toolsets available > is just plain wrong. It is always a case of what can be achieved with how much effort. There are many cases where people fix what they can fix, independent of where the problems actually happen to be.
