At RSA Conference in San Francisco, Steve Lipner, executive director of SAFECode, reflected on some of the mistakes he has made in 50 years of working in IT and cybersecurity. In a talk he introduced as “things I wish I’d done differently,” Lipner named six instances of products and services he's been involved with.
The first was Bell-LaPadula, a model used for enforcing access control in government and military applications, which he described as “multi-level security” and enabled an administrator with top secret level classification to read unclassified files. Calling this initially a “breakthrough in building secure computer systems and encouraging organizations trying to build secure systems,” he said this was based on the Department of Defense model of information security and classification.
However, the catch was that if you were logged in at the top secret level and received a secret email and wanted to reply, you had to log out and log back in at the secret level, or drill a hole in the model: a scenario he described as one that “became very frequent.”
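To make the catch concrete, here is an added example (not from the talk or this article) that implements the two classic Bell-LaPadula rules over a constructed three-level ordering: the simple security property (no read up) and the *-property (no write down). It then asks which login levels could both read a Secret message and write a reply to it. The levels, subject and object names are assumptions for illustration; a full BLP lattice would also carry compartments, which this omits.

```python
"""Bell-LaPadula check for the "reply to a Secret e-mail" scenario.

Added example, not the model's reference implementation: it encodes the
simple security property (no read up) and the *-property (no write down)
over a constructed linear ordering of classification levels.
"""
from dataclasses import dataclass

# Constructed ordering (assumption: no compartments, so levels form a chain).
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}


@dataclass(frozen=True)
class Subject:
    name: str
    level: str          # clearance of the current login session
    trusted: bool = False  # BLP "trusted subject": exempt from the *-property


@dataclass(frozen=True)
class Obj:
    name: str
    level: str          # classification of the object


def dominates(a: str, b: str) -> bool:
    """True when level a is at or above level b in the ordering."""
    return LEVELS[a] >= LEVELS[b]


def can_read(s: Subject, o: Obj) -> bool:
    """Simple security property: read only at or below the session level."""
    return dominates(s.level, o.level)


def can_write(s: Subject, o: Obj) -> bool:
    """*-property: write only at or above the session level, unless the
    subject is trusted (the "hole in the model" the article mentions)."""
    return s.trusted or dominates(o.level, s.level)


def reply_allowed(session_level: str, message_level: str, trusted: bool = False) -> bool:
    """Replying means reading the message and writing a reply classified at
    the message's own level, both within one login session."""
    s = Subject("admin", session_level, trusted)
    incoming = Obj("incoming mail", message_level)
    reply = Obj("reply", message_level)
    return can_read(s, incoming) and can_write(s, reply)


def levels_that_can_reply(message_level: str) -> list[str]:
    """Session levels that can both read and answer a message at message_level."""
    return [lvl for lvl in LEVELS if reply_allowed(lvl, message_level)]


if __name__ == "__main__":
    # A Top Secret session can read unclassified data but cannot write down,
    # so it can read a Secret message yet not reply to it.
    ts = Subject("admin", "TOP SECRET")
    print(can_read(ts, Obj("memo", "UNCLASSIFIED")))   # True
    print(reply_allowed("TOP SECRET", "SECRET"))       # False
    print(levels_that_can_reply("SECRET"))             # ['SECRET']
    # Only re-logging at Secret, or marking the subject trusted, unblocks it.
    print(reply_allowed("TOP SECRET", "SECRET", trusted=True))  # True
```

With a strict linear ordering, exactly one session level can answer a message: the message's own level. That is why the user had to log out and back in at Secret, and why the alternative was a trusted-subject exemption that weakens the model.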
The second mistake involved VAX SVS, a virtual machine monitor for the VAX architecture. Lipner said that “nobody wanted a system that secure,” and the eventual move to PCs and consumer technology left it unused.
The third mistake concerned the Digital Ethernet Secure Network Controller (DESNC). While he worked at DEC in the 1980s, Ethernet was being adopted, but DESNC was eventually dropped because the hardware was too costly and its performance too limited.
The fourth mistake involved the Gauntlet firewall, an early application proxy firewall intended as protection against exploits targeting sendmail. Lipner admitted that not enough investment was made in its management, and the launch of Check Point FireWall-1 with a GUI and NT support killed the project off.
The fifth mistake was inventing a key escrow system. He said that he “went down the path of building and selling packages of software tool kits,” but lessons should have been learned from Gauntlet: had a GUI and transparent capabilities been added, it might have succeeded. Not doing so hastened its end, and the government abandoning the key escrow mandate brought an early end as well.
The final mistake was the ‘think like a hacker’ concept, where he encouraged all development on the next version of Windows to be stopped to wait for review. He said this was met with skepticism, as no one had done it before, “so we invented what to do on the fly.”
Concluding with lessons learned, Lipner said that beyond the lost investment, it was important to realize that the customer is always right, “even if they are wrong,” and it is best to work out what they want and come to a compromise.
He also encouraged usability to be considered: if something is too complicated, users will work around it or use another product. He also encouraged delegates to push for a fast time to market, as some of the ‘mistakes’ could have been shipped in half the time they took.