Law 4 is "Trust no One". Often when I present the ten laws, on arriving at this one there is laughter and, of course, the inevitable question: "Not even you?"
Obviously, security cannot be built without trust. Trust is the foundation of security. Unfortunately, deciding whom to trust, and how far, is the most difficult part of the design.
In an article for the Wall Street Journal, Bruce Schneier proposed five heuristics to deal with trusted people:
1. Limit the number of trusted people…
2. Ensure that trusted people are also trustworthy…
3. Limit the amount of trust each person has…
4. Give people overlapping spheres of trust…
5. Detect breaches of trust after the fact and prosecute the guilty…
In other words, trust people only up to a given limit, and build safeguards around those you trust. My preferred one is number 2; it is also the most difficult to enforce.