No, that's just an arms race, and it's advantage attacker since in security we g... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		jerf on Jan 24, 2019 \| parent \| context \| favorite \| on: Pear.php.net shuts down after maintainers discover... No, that's just an arms race, and it's advantage attacker since in security we generally assume the attacker has our source and executables. Plus it's ultimately an instance of the halting problem; there is no way to run code to determine if another piece of code is "good" for any sensible definition of "good". (See Rice's Theorem.) You need to ensure bad stuff can't get in, not let stuff in and try to determine what's bad after the fact.

dotancohen on Jan 27, 2019 [–]

What aspect of information security is not inherently advantage attacker?

Regarding "ensure bad stuff can't get in", that is a completely different aspect. No matter how well you "ensure", bad stuff will always get it. Thus security is done in layers.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact