CSO Magazine ran this article on March 8, 2008:
Insanity - Doing the Same Thing Over and Over Again Expecting a Different Result
To quote:
A Gartner study indicates that 75% of security breaches are due to flaws in software... Do you think we would see a significant decrease in the number of data breaches and records stolen if we shifted our spend to actually writing proper code and protecting data at the source instead of at the edge? I think it is time we gained a few IQ percentage points and stopped the insanity.
I would tend to argue, unequivocally, yes. Absolutely yes. Our perverse and dysfunctional relationship with software, particularly insecure software, is not only insane, but outright madness. Those who have read my blog and Geekonomics know my mantra:
Insecure software sends an unmistakable message of disorder into the environment of cyber space. Small elements of disorder (like software vulnerabilities) invite greater elements of disorder, even cyber crime.
Cyber crime, in part, preys on the weaknesses software manufacturers themselves fail to detect before releasing/publishing the application into the global stream of commerce. To change the story of software, and thus the story of cyber crime, software manufacturers need different incentives to improve the quality and security of software.
Stop the rising trend of vulnerabilities, and thus the insanity, at its source. To do so is painful, difficult, complicated, and troublesome. Human endeavors of any significance are like this. I would argue History has taught us that much, at least.