
We expect cars to come with brakes, so why are we happy to pay again to secure our technology?
Published: 26 April 2007 09:31 BST
Outspoken author and security guru Bruce Schneier has questioned the very existence of the security industry, suggesting it merely indicates the willingness of other technology companies to ship insecure software and hardware.
Speaking to silicon.com at the InfoSec show at London Olympia this week - a leading trade show for the security industry - Schneier said: "The fact this show even exists is a problem. You should not have to come to this show ever.
"We shouldn't have to come and find a company to secure our email. Email should already be secure. We shouldn't have to buy from somebody to secure our network or servers. Our networks and servers should already be secure."
Schneier, CTO at Counterpane, said his own company was bought by BT last year because the network realised the need for security to be a part of any service, not an add-on at additional cost and inconvenience to the user.
His words echoed those of Lord Broers, chair of the House of Lords science and technology committee, who suggested every company - from operating system and application vendors to ISPs - needs to take greater responsibility for the security of end users.
Schneier said: "Security is a small but important piece of the bigger picture," adding consumers shouldn't accept any product that is inherently insecure.
However, Graham Cluley, senior technology consultant at Sophos, suggested Schneier's dream is a long way from reality. "Why didn't everybody think about this sooner?" he said. "It would be great."
Cluley added: "It would be great if robberies didn't happen and if road accidents didn't happen and if I didn't stub my toe but what you have to realise is that software developers are human and humans make mistakes.
"I can't imagine there ever being a 100 per cent secure operating system because a vital component of programming that operating system is human."
Speaking to silicon.com, Jon Collins, service director at analyst house Freeform Dynamics, expressed his own doubts about the value of the security industry but said it will always be fed by dual forces of end-user error and the shipping of insecure products.
He said: "I always used to think the security industry existed to make people scared and then sell them something to protect them from what they were afraid of. But now I think it exists because of what people are prepared to buy," adding that security investment tends to be reactive to a problem a company has already suffered - making security a "fire extinguisher industry".
But Collins added it's not true to suggest user reaction is always due to inherently insecure software or hardware. "Even if everything was secured the end user would still find a way to configure it wrong or install it wrong or enable the wrong privileges and permissions," he said.
Copyright ©1995-2008 CNET Networks, Inc. All rights reserved.