LESSWRONG

Security Mindset

Written by abramdemski last updated 16th Feb 2022

Security Mindset is a predisposition for thinking about the world in a security-oriented way. A large part of this way of thinking involves always being on the lookout for exploits. 

Uncle Milton Industries has been selling ant farms to children since 1956. Some years ago, I remember opening one up with a friend. There were no actual ants included in the box. Instead, there was a card that you filled in with your address, and the company would mail you some ants. My friend expressed surprise that you could get ants sent to you in the mail.

I replied: “What’s really interesting is that these people will send a tube of live ants to anyone you tell them to.”

Security requires a particular mindset. Security professionals — at least the good ones — see the world differently. They can’t walk into a store without noticing how they might shoplift. They can’t use a computer without wondering about the security vulnerabilities. They can’t vote without trying to figure out how to vote twice. They just can’t help it.

SmartWater is a liquid with a unique identifier linked to a particular owner. “The idea is for me to paint this stuff on my valuables as proof of ownership,” I wrote when I first learned about the idea. “I think a better idea would be for me to paint it on your valuables, and then call the police.”

Really, we can’t help it.

-- Bruce Schneier, The Security Mindset, Schneier on Security

[I'm unsure of the origin of the term, but Schneier is at least an outspoken advocate. --Abram]

In 2017, Eliezer Yudkowsky wrote a pair of posts on the security mindset:

  • Security Mindset and Ordinary Paranoia
  • Security Mindset and the Logistic Success Curve

Among other things, these posts put forward the idea that true security mindset is not just the tendency to spot lots and lots of security flaws. Spotting security flaws is not in itself enough to build secure systems, because you could be spotting flaws in your design forever, patching specific weak points, and moving on to find yet more flaws.

Building secure systems requires coming up with strong positive arguments for the security of a system. These positive arguments have several important features:

  1. They have as few assumptions as possible, because each assumption is an additional chance to be wrong. 
  2. Each assumption is individually very certain.
  3. The conclusion of the argument is a meaningful security guarantee. 

The mindset required to build tight security arguments like this is different from the mindset required to find security holes.

Posts tagged Security Mindset

  • POC || GTFO culture as partial antidote to alignment wordcelism (lc)
  • Security Mindset and Ordinary Paranoia (Eliezer Yudkowsky)
  • Security Mindset and the Logistic Success Curve (Eliezer Yudkowsky)
  • Do yourself a FAVAR: security mindset (lemonhope)
  • Six Dimensions of Operational Adequacy in AGI Projects (Eliezer Yudkowsky)
  • Circumventing interpretability: How to defeat mind-readers (Lee Sharkey)
  • My Objections to "We’re All Gonna Die with Eliezer Yudkowsky" (Quintin Pope)
  • Security Mindset: Lessons from 20+ years of Software Security Failures Relevant to AGI Alignment (elspood)
  • Conjecture: Internal Infohazard Policy (Connor Leahy, Sid Black, Chris Scammell, Andrea_Miotti)
  • Biosecurity Culture, Computer Security Culture (jefftk)
  • AI Safety is Dropping the Ball on Clown Attacks (trevor)
  • Builder/Breaker for Deconfusion (abramdemski)
  • Duct Tape security (Isaac King)
  • It's time to worry about online privacy again (Malmesbury)
  • Security Mindset and Takeoff Speeds (DanielFilan)