Good Security Now

Name Good Security Now
Sources (Garfinkel, 2005)
Synonyms Don’t Wait for Perfect (Garfinkel, 2005)
Intent Ensure that systems offering some security features are deployed now, rather than leaving these systems sitting on the shelf while researchers try to develop “perfect” security systems for deployment later.
Motivation All too often, security practitioners argue that security solutions that are good but not perfect should not be deployed because people will come to rely on them, and then be misled when the systems fail. The practitioners argue that it is better to deploy nothing. Deploying solutions with no security does not stop these would-be users: instead, they assume that security is provided, they try to cobble together their own solution, or else they choose to accept the risk and operate with no security solution at all.
Examples The decision to hold off on the use of public key cryptography until keys could be certified resulted in a delay of many years. In practice, the system that was ultimately deployed offered privacy and security guarantees that are very similar to a system that could have deployed without keys certified by third parties.
Guidelines None
Tags None
Log history [02/14/2016]: Added to repository

References

Garfinkel, S.L., 2005. Design principles and patterns for computer systems that are simultaneously secure and usable (PhD thesis). Massachusetts Institute of Technology.