But really, it’s not like that…
The things we’re trying to accomplish with our network (providing services) involve many layers acting in harmony
Transactions flow up and down a stack, and we don’t control all the layers
It’s important to consider the security of each element, and to be clear about which ones have to be secure in order to deliver our service acceptably
Who owns security of the app?
DBA? OS admin? Developer? WS admin? “Security guy?”