User:Sweerek/Malice engineering


Malice Engineering is the defensive, proactive security discipline, art, and skill of designing and building systems to resist adaptive, dynamic, intelligent malicious actors.

The term combines aspects of malice (the legal term), Bruce Schneier's definition of security,[1] and security engineering.[2] Just as civil engineers may design bridges to resist the static law of gravity, malice engineers proactively design systems to resist others' attempts to disrupt those systems. This skill is used both for designing and building security-specific products and for building security into products themselves. The term is usually used within the realms of physical security and computer security.

Opposing the defensive efforts of malice engineering are the disciplines of hacking, reverse engineering, vulnerability research, malware creation, and penetration testing, when used in a malicious, offensive manner.

As Brian Snow noted in his Nov 2011 speech, "Defeating Malice is our Job".[3]

This term has nothing to do with the race car and construction company "Malice Engineering" in Rennes, France.[4]


  1. ^ In Beyond Fear (page 12), Bruce Schneier defines security as "preventing the adverse consequences from the intentional and unwarranted actions of others."
  2. ^ Ross Anderson's widely recognized "Security Engineering: A Guide to Building Dependable Distributed Systems" defines security engineering as "building systems to remain dependable in the face of malice, error or mischance".
  3. ^
  4. ^