Does security nirvana exist?
I know, I know. I can answer that question with a resounding “NO” and get on with things. But seriously, what does it take to even approach security nirvana? I mean really, there are so many people spouting theories about where we need to go to make the Internet secure. Then there are a bunch of frickin’ criminal scum suckers over in Russia and China and America and wherever doing everything thing they can to keep fifteen steps ahead of us trying to plug the holes. And then I take a closer look to see if we really are even plugging the holes (selling product sure as hell doesn’t do it).
Seriously folks, I know the answer to the question. But how can we keep going down this road if we can’t even approach a state where we don’t have to look over our cyber shoulder every night and day? What are we fighting for? Where did the fight turn into a battle for money instead of a battle for security? I also know we live in a capitalist society. I AM a capitalist. Nothing wrong with making a buck. But I feel like such a cog among a bunch of cogs. Where the hell is the wheel??
I know I sound depressed. And maybe I am a little. Maybe it is just because it is 12:35AM right now. But I just feel like so many of us have lost sight of what it takes to make things secure. Products have a fit in security. But with so many of us pushing product after product after product and not looking at security overall, where are we getting to? When did the industry turn into a churn and burn machine? This feels like a uphill battle, both ways, in the snow.
I know Alan will probably call me a young, naive punk again (OK, he didn’t call me a punk), but sometimes I have to stop and make sure SOME of my ideals are still there. otherwise I just become a big glob of compromise, picking up the lint and dirt on my way to security hell…