Principles are based on scientific sources.
| Name | Good Security Now |
| Sources | (Garfinkel, 2005) |
| Synonyms | Don’t Wait for Perfect (Garfinkel, 2005) |
| Intent | Ensure that systems offering some security features are deployed now, rather than leaving these systems sitting on the shelf while researchers try to develop “perfect” security systems for deployment later. |
| Motivation | All too often, security practitioners argue that security solutions that are good but not perfect should not be deployed because people will come to rely on them, and then be misled when the systems fail. The practitioners argue that it is better to deploy nothing. Deploying solutions with no security does not stop these would-be users: instead, they assume that security is provided, they try to cobble together their own solution, or else they choose to accept the risk and operate with no security solution at all. |
| Examples | The decision to hold off on the use of public key cryptography until keys could be certified resulted in a delay of many years. In practice, the system that was ultimately deployed offered privacy and security guarantees that are very similar to a system that could have deployed without keys certified by third parties. |
| Guidelines | None |
| Tags | None |
| Log history | [02/14/2016]: Added to repository |
Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.