The supposed security guru Bruce Schneier recently addressed the Infosecurity Show in London, questioning why the security industry exists at all.
Controversially, and rather simplistically, he seemed to suggest that the security industry’s existence indicates the willingness of other technology companies to ship insecure hardware and software.
“We shouldn’t have to come and find a company to secure our email. Email should already be secure. We shouldn’t have to buy from somebody to secure our network or servers. Our networks and servers should already be secure,” he said.
Oh yes, Bruce, D’oh! Why didn’t anyone think of that before? Genius!
Or, maybe, as Graham Cluley from leading security firm Sophos said, the dream is a long way from reality. “It would be great if robberies didn’t happen and if road accidents didn’t happen and if I didn’t stub my toe but what you have to realise is that software developers are human and humans make mistakes,” he said.
“I can’t imagine there ever being a 100 percent secure operating system, because a vital component of programming that operating system is human.”
Sure, it would be great if operating systems and other software were completely secure on their own, and if there weren’t a myriad of criminals and crackers wanting to commit cyber-crime, but the fact is that this is a constant war.
Notice I didn’t crack any bad jokes about Microsoft, either.