Online security is a horrifying nightmare. Heartbleed. Target. Apple. Linux. Microsoft. Yahoo. eBay. X.509. Whatever security cataclysm erupts next, probably in weeks or even days. We seem to be trapped in a vicious cycle of cascading security disasters that just keep getting worse.
Why? Well β βComputers have gotten incredibly complex, while people have remained the same gray mud with pretensions of godhood β¦ Because of all this, security is terrible β¦ People, as well, are broken β¦ Everyone fails to use software correctly,β writes the great Quinn Norton in a bleak piece in Medium. βWe are building the most important technologies for the global economy on shockingly underfunded infrastructure. We are truly living through Code in the Age of Cholera,β concurs security legend Dan Kaminsky.
Most of which is objectively true. And itβs probably also true, as Norton states and Kaminsky implies, that a certain amount of insecurity is the natural state of affairs in any system so complex.
But I contend that things are much worse than they actually need to be, and, further, that the entire industry has developed learned helplessness towards software security. We have been conditioned to just accept that security is a complete debacle and always will be, so the risk of being hacked and/or a 0-day popping up in your critical code is just a random, uncontrollable cost of doing business, like the risk of setting up shop in the Bay Area knowing that the Big One could hit any day.
The good news is that we seem to finally be nearing the point at which the Internet collectively decides that much stronger online security would probably be a good idea. The bad news is that the most powerful entity on Earth appears to be virulently, bitterly opposed to any such development. But there is no natural law requiring that software be as fragile and vulnerable as most of it is today. We as an industry allowed that to happen β and if we want to, we can fix it.[READ FULL ARTICLE HERE](http://techcrunch.com/2014/05/24/the-internet-is-burning/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29)