It is tough to sell the idea of jogging and broccoli when people want cheeseburgers and malts. Books about breaking into systems sell a lot more than books about securing systems so they are harder to break into.
But often it's the boring stuff that is most important. I like reading Robert Kaplan, and he comes up with some good stuff, but he clearly is after a *story*. Here is a post on this by Tom Barnett:
Globalization is boring
ARTICLE: Robert Kaplan on the New Balance of Power, By Trudy Kuehner, April 2008, Foreign Policy Research Institute E-Notes
Why balance of power thinking is so attractive to writers is its essential zero-sumness: any "rise" equals somebody else's loss. As such, analysis can be presented in the desired "who's up and who's down?" format so loved in DC.
The economics, as always with Kaplan, is muted beyond the always underlying subtext of coming resource wars ("Oil! We must have oil, my good sir!"). The stunning rise of globalization's network trade is, sadly, a poor relation in such discussions, because it depresses those who focus on "power" and "competition" and the like. Real integration is boring. There are no imperial corollaries from the 19th century. There's no romance. It just plain sucks. There's no who's up or who's down. No good visuals. Hard to explain. "Great games" sound just so much more exciting.
Oh well, there's always pirates ...
Barnett's books are must-reads if you want to have any clue about what is going on in this century. Barnett's first book, "Pentagon's New Map", points out the issues that arise when technology and economic integration outpace security. This book has outsold the follow-on, "Blueprint for Action", even though Barnett was a far better known writer when the second was published, because he had just written a best seller. The reason, as Barnett says, is that people love diagnoses; they don't love prescription.
Look at the size of breaker conferences like Blackhat and Defcon, great conferences to be sure, but where is the commensurate builder conference? To the extent there is focus on infosec issues, it is mostly on the threats. They are the most fun ("there's always pirates ..." and all that), but it really misses the point when there is nowhere near the same focus on building secure apps. The closest thing to a big builder conference is OWASP (again a great conference), but even there, there is a ton of breaker talks. I am not in any way against breaker talks/cons; I just want to see more builder focus. Even if it's boring to some, it's still important.