Mitigating risks … is a waste of money?

There was an interesting talk at one of the panels at the RSA Conference, where SilverSky and Adobe claimed that investing in security is a waste of money. Their message is simple and compelling:

“For most companies it’s going to be far cheaper and serve their customers a lot better if they don’t do anything [about security bugs] until something happens. You’re better off waiting for the market to pressure on you to do it.”

Although they say that this was all in pretense, we all know it was not: companies large and small try to avoid fixing problems as long as they can, waiting for customers to complain loudly before ever doing anything. Basically, this is a risk that companies rate as unimportant because of its low perceived rate of occurrence.

The problem with this kind of risk is that it cannot be properly rated. The probability of these risks is hard to rate because the data is basically unavailable. And the impact of the risk is underrated because of low perceived probability. People tend to ignore such risks.

But the companies, can they also afford to ignore such risks? What has to be considered is that a …

Technology vs. People

A well-known expression, used and abused millions of times over the history of mankind, says that weapons do not kill people, other people do. The meaning is, of course, that the knife is just a tool and it is up to the hand wielding the knife to put it to use – good or bad.

In fact, all technology is like that. Technology can be put to serve people or it can be used to deceive people. I think that recently most technologies are used to deceive people and more and more technologies and techniques arrive every day that serve this same purpose. They could be put to good use, serving people and helping us on our evolutionary path but, no, they are not. Instead, they are all abused.

I used to argue and fight against such uses of technology (which I rather consider to be abuses) but to no avail. And now I realize that it is no use fighting against it. As Antoine de Saint-Exupéry says, you never fight “against”, you always fight “for”. So it is necessary to fight for the proper uses of technology, put all those resources to the service …
