Follow Up: Principle of Most Privilege

SANS ISC handler John Bambenek has an interesting diary entry discussing what he calls the "Principle of Most Privilege" - the design of security devices to only identify that which is known to be absolutely bad. It is what I refer to as Tradeoff 3: Complete Solutions versus Incomplete Solutions in my previous blog entry. I like his terminology better, as it is far more concise. It's interesting that some feedback I'd received from Sourcefire was part of the inspiration for my lamenting, as it was John's. Hopefully, as more and more credible analysts bring these points to vendors, they will begin to listen and address the shortcomings of the paradigms behind their product offerings and business models.