Matthew GarrettTrying to convince my students that having all your security policy changes include a design doc describing the status quo, the desired outcome, why this change will achieve it, why alternatives were rejected, and then implementing it via some automation schema so it can't accidentally be reverted for no obvious reason is good actually
They have apparently never known the pain of it being literally impossible to determine why something is the way it is and having no idea whether changing it will break anything
Aristotelis Tzafalias"Theory is when you know everything but nothing works. Practice is when everything works but no one knows why. In our lab, theory and practice are combined: nothing works and no one knows why."