UPDATE: Maintenant plus d’une quinzaine d’années!!!

Il y a une dizaine d’années, Microsoft publiait les 10 lois immuables de la sécurité. Ces 10 lois m’ont beaucoup aidé à vendre mes dossiers par le passé. Depuis, ils ont décidé de les rafraichir au goût du jour, à la 2.0 😉 Croyez-vous qu’en 10 ans, nous avons beaucoup avancé sur ces 10 lois?

The 10 Immutable Laws

  • Law #1: If a bad guy can persuade you to run his program on your computer, it’s not solely your computer anymore.
  • Law #2: If a bad guy can alter the operating system on your computer, it’s not your computer anymore.
  • Law #3: If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore.
  • Law #4: If you allow a bad guy to run active content in your website, it’s not your website any more.
  • Law #5: Weak passwords trump strong security.
  • Law #6: A computer is only as secure as the administrator is trustworthy.
  • Law #7: Encrypted data is only as secure as its decryption key.
  • Law #8: An out-of-date antimalware scanner is only marginally better than no scanner at all.
  • Law #9: Absolute anonymity isn’t practically achievable, online or offline.
  • Law #10: Technology is not a panacea.

http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx

https://technet.microsoft.com/en-us/library/hh278941.aspx