Face Off

I don't think we're going to start building real security. Because real security is not something you build--it's something you get when you leave out all the other garbage as part of your design process. Purpose-designed and purpose-built software is more expensive to build, but cheaper to maintain. The prevailing wisdom about software return on investment doesn't factor in patching and patch-related downtime, because if it did, the numbers would stink. Meanwhile, I've seen purpose-built Internet systems run for years without patching because they didn't rely on bloated components. I doubt industry will catch on.

The future will be captive data running on purpose-built back-end systems--and it won't be a secure future, because turning your data over always decreases your security. Few possess the understanding of complexity and good design principles necessary to build reliable or secure systems. So, effectively, ...

That doesn't look like a very rosy future to me. It's a shame, too, because getting this stuff correct is important. You're right that there are going to be disasters in our future. I think they're more likely to be accidents where the system crumbles under the weight of its own complexity, rather than hostile action. Will we even be able to figure out what happened, when it happens?

Folks, the captains have illuminated the "Fasten your seat belts" sign. We predict bumpy conditions ahead.

< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   9  |   10  |   11  |   12  |   13  |   14  |   15  |   16  |   17  |   18  |   19  |   20  |   21  |   22  |   NEXT PAGE  >