OK, OK, I will shut up :-) Just this last thing: a fun interview with Marcus Ranum here.
As usually (mmm.. make that 'AS ALWAYS'), Marcus Ranum is heavily pessimistic: "And, as a consequence, security is going to be permanently in the "expense" column [A.C. - and what, pray tell me, is wrong with that? Door locks are an expense too...] and it'll be a legal mitigation/triage game played by executives and lawyers, with the security guy's job consisting mostly of hovering over the system admin's shoulder to make sure that they actually clicked the "on" button where it says "security."
So - I think security's about to suffer a mental and financial heat-death. Frankly, we deserve it. If you look at what security has accomplished in the minds of most IT execs, during the last 10 years, it has been an endless stream of annoying bug-fixes. All the positive [A.C. - positive stuff? In security which is inherently 'anti-X' or, more softly, about 'not having X happen'? What do you mean? :-)] stuff is completely overwhelmed by the flood of mal-this and mal-that and the constant yammering for attention from the vulnerability pimps."
Enjoy the rest!
No comments:
Post a Comment