I happened across another useful metaphor today. Think about what would happen if you could just buy an aircraft, climb aboard, and take off down the runway. Pardon me for pointing this out, but that is exactly the vision of computing that has been sold to consumers. Where do you want to go today? The sky is the limit.

The problem turns out not to be so much in taking off as in landing. People like me who build these systems and think about security fundamentals tend to have learned this firsthand, and frankly we're eager to share our experience with anyone who will listen. But who wants to trouble themselves about landing when taking off seems like so much fun?

Yes, there's great money to be made in selling aircraft, and even in cleaning up the wreckage. But we eventually learned that it was more effective to regulate the aerospace industry and to set design and safety standards than to let the free market determine what was best for the consumer.

I expect that the same will happen in due course for information security. We're getting rather tired of the wreckage already, and as Mark Burnett points out, there are many foreseeable problems that can be avoided through principled design and its practical application in daily operations.

Meanwhile, don't forget to pack your own parachute. Maybe even take some flying lessons.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/279/29295#29295