I just gave someone the advice without being asked (ignoring all I know about „nonviolent communication“ – sorry for that!) to include a „Scope“ in his blog:
- he wrote an article on how to set up a Raspberry Pi but skipped all security considerations about how to set up a production computer system.
- many readers of his blog don’t have a clue how to harden a Linux-operated Raspberry Pi.
- those readers need at least a hint:
  - „there are additional steps required“
- or even better, concrete advice:
  - „what to do next“ – maybe in a follow-up article.
How many people are part of a botnet since they’ve been following incomplete internet blogs?
I should read my own book?
Of course, my blog lacks a scope, too – I’ll prioritize this on my to-do list.
I think it might be worthwhile to never forget or ignore security considerations, as required by RFC 2223 Section 9 (https://tools.ietf.org/html/rfc2223#page-11):
All RFCs must contain a section near the end of the document that discusses the security considerations of the protocol or procedures that are the main topic of the RFC.
Those guys had to learn it the hard way, since „all“ protocols defined by IETF RFCs were inherently insecure. DNS? TFTP? FTP? Security? Not part of the „Scope“ 😉
I’d like to propose:
All blog articles must contain a section near the end of the document that discusses the security considerations of the procedures that are the main topic of the blog article.