I went to see a guy from the NSA who was speaking in the Computer Science department today. It was supposed to be about network security. It turned out to be a weird, and relatively uninteresting, recitation of the process that the NSA uses to assure that network devices are secure. The process was described at such a high and abstract level, with absolutely no examples or anecdotes, that it was nearly meaningless.
First we read all of the relevant documentation. Then we check the configuration of the device to make sure that it matches the documentation. Then we check the device's services, to make sure they actually perform the function required. Then we study the source code and the output, to look for potential vulnerabilities, for example places where range checking isn't properly performed on user input.
It was too bad he couldn't actually ground any of these points with some kind of real example -- I guess they're all classified or something. He repeatedly described how "lives might depend on these services", but that didn't really make the description of the process anymore exciting.
It was like trying to describe going up and down in a building without being able to actually use any relevant words, like "elevator" or "steps".
So you have this device. You push a button and then walk into it and when you leave it, you're vertically closer to your destination. On the other hand, you might use a manual device that involves putting your feet on graded, sequentially higher or lower surfaces.
Boring.