Schneier Questions Security.

Published on: 1177864859
You probably know Bruce Schneier. Last week he was very outspoken on security when he visited Infosecurity Europe 2007. Schneier said:
- the fact this show even exists is a problem, you should not have to come to this show ever.
- we shouldn't have to secure our e-mail, email should already be secure.
- we shouldn't have to buy security for our servers, they should already be secure.

Sure, I can agree with this on some level. On the other hand, I think that if hackers were given 30 years in prison for even trying to hack a system, security wouldn't be an issue either. But that isn't realistic; it is a dangerous proposal. I understand what Schneier is trying to say here. He wants the software vendors to take responsibility, and he wants to hold them liable for their insecure software. But it isn't that easy. Most security issues are water under the bridge. People make mistakes, no matter how professional they are and no matter how good they are at programming. Somewhere you are going to write insecure software.

It misses a few points that are inherent to security. One of the biggest problems is the arms race between usability and security. Ease of use in computers is analogous to weak security. Windows platforms are the best example: easy to use but insecure. To me, security can only do so much. There are limits to what security can do. I think in the end, it depends on the end users: how they install software and how they configure it.

Next, Schneier said that "consumers should not accept a piece of software that is inherently insecure". This is something I can agree with; the software vendor needs to do all he can to secure it. Still, it isn't that easy.

Full security will never be reached; it's a utopia.