« Choosing the Right Security Metric | Main | Metricon 2.0 Draws Near »

Comments

Iang

It's only crazy from an outsider's pov. From the security of financial systems pov it is quite logical, if uncomfortable.

It is pretty clear that the whole world of systems and security is a mess. Banks and other FIs have long known that it is practically impossible for them to secure all these systems.

Hence, all of the FI systems rely to a dominating extent on a closed system and high levels of trust. In such an environment, adding security to something like FIX is not only a distraction, it's probably dangerous and certainly costly.

Discussions about session layer security are just nuts; if there's one thing we've learnt from 2 decades of ISO nonsense, it is that it is that bolting on security layers to any application protocol is not satisfactory. To bolt on WS-Security and such add-ons would be to suggest that all security requirements are the same everywhere.

The comments to this entry are closed.