Wouldn’t it be nice if, instead of putting this college kid in jail, we actually fixed the underlying problems he pointed out in the passenger screening system? Perhaps that’s just too naïve an idea to survive in the real world, but it seems like a far more appropriate thing to do if you ask me.

And, using that as a cue, why shouldn’t we follow suit here in the information security world? Rather than criminalizing those that point out the bugs and flaws in our systems, let’s fix the problems.

We can even cite the transportation industry as a model in this regard. When accidents happen, tragic as they invariably are, investigators study them in minute detail and go to great lengths to ensure that the same problems are unlikely to recur. Yes, I am well aware of how much gets written about the vulnerabilities in our systems, but then why do we keep finding the same mistakes made over and over again? Why weren’t buffer overflow attacks eradicated after Morris’s 1988 Internet worm?

Sure, some problems are a lot harder to fix than others. Some require us to go back to the drawing board and do things the way we should have in the first place. That fact, all by itself, is a highly compelling argument in favor of robust software security engineering. (Don’t even get me started on that…)

But, no matter how we end up addressing the problem, let’s be sure to not forget it is the emperor’s fault for not wearing clothes, not the kid’s fault for simply pointing it out. That’s not such a tough principle, is it?