[$] Antipatterns in IoT security

Lots of interesting talk about the fundamentals of a secure system and its applications to computers.

Quote I liked (emphasis mine):

The most basic security antipattern is to “do nothing”. That means accepting any and all risk, though. Another is to “do it yourself”; that leads to thinking the system is secure because of custom elements, such as non-peer-reviewed cryptography algorithms or implementations and security through obscurity. “Hand-rolled” security systems have not fared well over the years—developers have learned that implementing stream ciphers, for example, should not be tackled in-house. But there is still a fair amount of security by obscurity, such as “super unguessable URLs”. If a product becomes successful, which is what you want, the unguessable will become all-too-guessable.

Source: [$] Antipatterns in IoT security