Slices Of Reason In Security.

Published on: 1193744759
The more you talk about something, the less you understand it as a whole.

It is something I learned a long time ago. At first sight it sounds paradoxical, but paradoxes exist only within a personal limitation. Well, if that statement is true, why do I talk about it here? Sometimes a little talk is a necessary evil to get something across, or to offer analogies to reach balance in thought, because humans tend to have a certain fixed mindset.

I think there are unmistakably two different kinds of mindset, which I learned about in philosophy. One is the spotlight approach, the other is the floodlight approach. The spotlight mindset deals with individual parts, observing one part at a time. The floodlight mindset deals with the whole and not necessarily with the parts, seeing the whole functioning as a sum of its parts. Most of the time, you have either a spotlight mind or a floodlight mind. Rarely do I come across people who have or utilize both. But I think it can be learned. The reason I find this important is that it can help one solve problems, or analyze a problem in a more efficient way. Some of you probably know what lateral thinking is. Lateral thinking is something we have not been taught to use. Basically, all we learned is to use the spotlight approach: observe each part, analyze it and do something about it. But some problems cannot be solved by examining something part by part.

One problem that cannot be solved by the spotlight is security. Yes, one can put parts into place that can secure a system. But when you lack the floodlight mindset, you can never anticipate unknown vulnerabilities. Those are the blind spots in your system. Mostly, this is because you figured out that the parts function very well on their own, and forgot that the sum of the parts can in fact weaken security. The reason you didn't see that vulnerability is that you lacked the floodlight mindset.

The great Spanish painter Salvador Dali once said: "My greatest secret is that you must see everything as a whole." And this is in fact important to understand. Usually painting involves thinking in terms of a whole instead of parts. You have the line and the form, color and contrast, which all operate together and make the whole. Often I see people talking about Search Engine Optimization. I say to them: Well, why didn't you make the site in such a way that it can be indexed by engines from the start? Why do you have to adjust things afterwards? Because they focused on the parts and not on the whole. The same goes for security: why do you need security after the software product was made? The reason is that those people were fixated on the parts; they are sure the parts are secure, and all the links in the chain are secure to them. They do not realize that some links can weaken the chain at any given point. Are they sure that every link is equally secure? I do not think so. It only needs one presumably strong link to weaken a next strong one and collapsing