It may be true that "Plus ça change..." in security, as you and Marcus Ranum suggest. But the nature of the Internet has been changing dramatically in the last decade. So have the requirements for security.
Remember that access to the Internet was once confined to a small number of like-minded people, mostly Americans in academia and government. It is now open to everyone, with an endless variety of expectations for the Internet, and an endless variety of approaches to it.
By analogy, the Internet was a small town. It has become New York. We didn't need to lock our doors before, now we do. We could safely walk anywhere, anytime. We now must be more careful.
And the changes continue. For one thing, the nature of the bad guys is changing. Instead of solo bandits, they are forming gangs and, perhaps, larger, more institutional agglomerations.
In this environment, is it surprising that things seem to be getting worse?
Two people responded, but neither disagreed with me, in truth.
Something I did not say is that we may be up against a paradox: if we improve how we count something, there may be more of it, whereas it is simply our improvements that account for the increase. With computer security, we have more people, both black hats and white hats, looking at vulnerabilities than we have ever had before. Not surprisingly, they are finding them. It would not be surprising to find, five years hence, that many of our current worries were past. Not that I'm counting on it.
No comments:
Post a Comment