April 07, 2009

Shpantzer's Law of Endpoint Security (Grand Belated Unveiling!)

Just going through some old emails this morning and I found this little unpublished gem. Revealed to the public for the first time, right here, right now (drumroll please...)

------------------------------------------------------------------------------------------
Title: Shpantzer's Law of Endpoint Security

Body: "The security of your endpoint (hence your network) is inversely proportional to the square of the number of applications installed on the endpoint."

------------------------------------------------------------------------------------------

This was from April 28, 2007. Hey, that's two years ago! Why didn't I publish this? I guess I'm just kinda shy that way sometimes...

Basically, the issue emphasized here (did I mention this was two years ago, all the way back in April of 2007?) is that application security matters on the client side too, not just the security of the OS.

Browsers, PDF readers, media players, apps for presentation, email, spreadsheets, you name it. They're all individually dangerous and can add vulnerabilities really quickly when combined. I surmised that the relationship between the number of apps and security is most likely nonlinear. Inverse square sounded good at the time!

I wonder what other buried treasure is in those old emails...

Gal

1 comment:

Security Leaders Group said...

I like it. But not the implicit coupling with network security. I think the two have to be separate. In fact I think you can have a secure network with completely insecure endpoints on it.

Keep digging in those unpublished emails. Maybe you solved global warming too!