On Human Fallibility

I know it’s not news, but it winds me up that there’s a whole industry out here that depends on software faults and basic failings. The information security industry (including my books and company) wouldn’t exist if software manufacturers and others did their job properly – calling their failings ‘vulnerabilties’ is nice, but it doesn’t change the reality.

And new products are launched that just aren’t good enough – take Instant Messenger – or wireless – and now VoIP – and it even appears that VPNs aren’t up to scratch – “right first time” is a pretty hard concept, isn’t it? For instance, I thought I’d done an excellent job on the updae version of my book, but the copy editor came back with nearly 30 queries – and she hasn’t told me how many she just corrected without mentioning them.

Of course, I like it that there’s a business opportunity for us all, but I can’t help wondering how much better at fighting the bad guys we would be if we didn’t have to spend so much time filling the holes left by our own side.