[Dailydave] "The organization I belong to doesn't have initals"(that evil dude in Heroes)

[dan at geer.org]

 | I think the real point here is that the majority of people responsible
 | for security have a backwards mindset.  Most security practitioners
 | still don't make the assumption that everything is vulnerable and
 | design around it.  Of course IIS is vulnerable to an unpublished 0day.


so, should one write apps with the assumption that
will be running on compromised hosts?

--dan