The Security Thread - September 11, 2005
Marcus Ranum brings a strong analytical frame of mind in his brilliant analysis, "The Six Dumbest Ideas in Computer Security." You need to read it!
It's amazingly refreshing to find someone who shares a similar view of the problem, and its solution. He brings a fresh engineering approach to the problem, something sorely needed as an antidote to the blame-shifting and band-aid-of-the-month game we currently play. He says a lot of things better than I have, tying together some of the loose threads. He gets bonus points for the linkage to words from my hero, Richard P. Feynman.
Microsoft isn't likely to solve the security problem, as pointed out in this analysis of their likely reaction by Stuart Gathman. I agree that their most likely response is to try to get their monopoly locked down into the hardware, rather than solving the actual problems of security.
We really need to fix this problem, and Microsoft doesn't have the motivation to do it for us. Since we can't move that mountain, we're going to have to do it ourselves, as a grassroots effort.
The guiding principle for this task should be the closing line from "Personal observations on the reliability of the Shuttle," by R.P. Feynman.
For a successful technology, reality must take precedence over public relations, for nature cannot be fooled.

