


While I don't disagree with your assertions, I don't know that you're being altogether fair. There has been a constant pace of innovation in security technologies over the past 10 years. However, innovation does not immediately translate to deployment. Just look at how long it's taken businesses to relent and deploy disk encryption. We're seeing the same thing with encryption of certain types of data, too, thanks in part to PCI. Now we'll also begin seeing some improvements in web app security, thanks also to PCI. So, I would put the responsibility, not on the heads of the security industry, but on the companies that still view security tools as frivolous overhead costs that aren't really needed.

Marinus van Aswegen

I think the key problem is that attackers don't have to follow the rules defenders have to. This constrains innovation. It's even worse when defenders have to contend with additional constraints which have no bearing on security but pander to the needs and wants of users. It's an arms race, a very unfair one.
