Too many organizations want 'fire and forget' technology, or at least 'fire and forget' security. They balk at spending for secure, robust planning, implementation, administration, and maintenance of their technology infrastructure. They want a 'silver bullet'; they want to 'get security' or 'get technology' and then forget about it until the next crisis/hot gimmick comes along, then they want 'that new thing now'.

On the other hand, we are paying 'engineers to swing hammers' in our software development shops, and relying on the assumed quality of the individual code writer to guarantee the quality of the end product, and at the same time not holding them to the same standards to which we hold those who produce physical technological products.

*Everyone* is responsible. Vendors, integrators, buyers, users. The more fingers are pointed, the longer we will all remain vulnerable to the subhumans who seek to exploit our collective exposure.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/74/11899#11899