| Analogy to safes, TL-15,
TL-60, F-30 |
|
| We explicitly blame the
designer: systems are deployed
in the real world, not a lab.
Ease of administration matters.
Why Johnny canŐt encrypt.
Your grandmother has to remove spyware. |
|
| Why do we hypothesize, test
and repeat? |
|
| Survivability time, not
survivability average: Variance
matters. Mean & median
matter |
|