In a discussion of the RSA 2008 conference lineup on the cap-talk list, Mark Miller provided an analogy that gets to the heart of the frustrations I feel about most of the work that is available in the (commercial) computer security world:
We're on a sinking ship that has been kept afloat by a vigorous bailing process. Early on, some people expressed an interest in actually fixing the holes. But these efforts were not immediately successful, and most of those folks went on to other things. Now, the holes have gotten bigger, the bailing is less effective, and the ship is carrying a lot more valuable cargo. But there are a lot more people bailing, they are well paid, and hardly anyone believes any alternative is possible. After all, bailing is what's worked so far.
Posted in security at 2008/04/04 10:08; 0 comments
< Conincidences | Book meme >