Assurance
Schneier on the recent release of the California security review of electronic voting machines, and what CA is doing about the across the board failures:
California Secretary of State Debra Bowen has conditionally recertified the machines for use, as long as the makers fix the discovered vulnerabilities and adhere to a lengthy list of security requirements designed to limit future security breaches and failures. [ …] While this is a good effort, it has security completely backward. It begins with a presumption of security. […] Insecurity is the norm. If any system – whether a voting machine, operating system, database, badge-entry system, RFID passport system, etc. – is ever built completely vulnerability-free, it’ll be the first time in the history of mankind. It’s not a good bet.
So, what to do? Assurance:
Several years ago, former National Security Agency technical director Brian Snow began talking about the concept of “assurance” in security. Snow, who spent 35 years at the NSA building systems at security levels far higher than anything the commercial world deals with, told audiences that the agency couldn’t use modern commercial systems with their backward security thinking. Assurance was his antidote.