[attrition] New Article: Why Internet Security Continues to Fail

security curmudgeon jericho at attrition.org
Tue Aug 8 13:07:07 EDT 2006


Why Internet Security Continues to Fail
Richard Forno (c) 2006. (Original: 2006-08-07)
http://www.infowarrior.org/articles/2006-01.html

In his public farewell to the Internet security community three years ago 
this month, famed security researcher Rain Forest Puppy (RFP) opined that 
the Internet security community was allowing commercialism to trump common 
sense security thinking -- a situation that he believed led to the growing 
Internet insecurity problem.

Indeed, free-market financial interests and an unhealthy complacency from 
vendors and customers alike continue to overpower sound security logic and 
practices to establish a technology landscape nearly impossible to 
protect. While perhaps the security situation is deemed acceptable or 
'good enough' given that endeavors to improve it remain an apparent 
exercise in futility, the argument can be made that its causes are 
cultural rather than technical in nature -- and subsequently marginalized 
or overlooked as a result.

< - >

These issues demonstrate briefly that the major obstacle to significant 
progress toward sound information security is not technical, but cultural. 
Assuming that the current state of insecurity is not acceptable and that 
serious improvements actually are demanded by customers, changes far 
beyond technology innovations must occur if any truly effective security 
benefits can be realized. However, technology is only part of the total 
security solution: if the self-serving business drivers of the information 
technology industry are not overcome and customer-side management cultures 
continue facilitating this ongoing exercise in security futility by 
rejecting a holistic commitment to real risk management, information 
protection products, policies, and practices that yield tangible benefits 
aligned toward these noble goals never can be achieved.

http://www.infowarrior.org/articles/2006-01.html

