Warning: Don't Say the King Has No Clothes: Page 2
And, using that as a cue, why shouldn't we follow suit here in the information security world? Rather than criminalizing those that point out the bugs and flaws in our systems, let's fix the problems.
We can even cite the transportation industry as a model in this regard. When accidents happen, tragic as they invariably are, the investigators study the accidents in minute detail and go to extreme measures to ensure that those same problems aren't likely to happen again. Yes, I am well aware of what gets written about the vulnerabilities in our systems, but then why do we keep finding the same mistakes made over and over and over again? Why weren't buffer overflow attacks eradicated after Morris's 1988 Internet worm?
Sure, some problems are a lot more difficult than others to fix. Some require us to go back to the drawing board and do things the way we should have in the first place. That fact, all by itself, is a highly compelling argument to be made in favor of robust software security engineering, to be sure. (Don't even get me started on that...)
But, no matter how we end up addressing the problem, let's be sure to not forget it is the emperor's fault for not wearing clothes, not the kid's fault for simply pointing it out. That's not such a tough principle, is it?