http://blogs.msdn.com/b/david_leblanc/archive/2010/05/28/you-don-t-have-to-be-faster-than-the-bear.aspxNote – this post disappeared during the blog upgrade, recovered due to search cache. Just got done reading Michal Zalewski's really interesting post on the Zero Day blog, found here. His premise, which I don't debate, is that we've done a lousy joben-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)http://blogs.msdn.com/b/david_leblanc/archive/2010/05/28/you-don-t-have-to-be-faster-than-the-bear.aspx#10019487Thu, 03 Jun 2010 15:00:30 GMT91d46819-8472-40ad-a661-2c78acb4018c:10019487Alan J. McFarlane<p>The link to the blog article, lost from the original article, is:</p> <p><a rel="nofollow" target="_new" href="http://www.zdnet.com/blog/security/security-engineering-broken-promises/6503?tag=mantle_skin;content">www.zdnet.com/.../6503</a></p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10019487" width="1" height="1">http://blogs.msdn.com/b/david_leblanc/archive/2010/05/28/you-don-t-have-to-be-faster-than-the-bear.aspx#10017265Sat, 29 May 2010 10:47:53 GMT91d46819-8472-40ad-a661-2c78acb4018c:10017265Fleet Command<p>What? But that is exactly what I and others have been expecting all along ... Are you saying that the fact that you don&#39;t have to outrun the bear has only so recently reached you, David?</p> <p>[dcl] No, not at all. That part is obvious. What is not so obvious is that we keep expecting security to be binary - either something is completely secure, or it is insecure. In reality, it is a function of time.</p><div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10017265" width="1" height="1">