John Pescatore

A member of the Gartner Blog Network

Insert Tab A Into Slot B Security?

November 24th, 2008

I spent most of Saturday assembling Ikea furniture for my mother-in-law’s new seniors apartment. Those Swedes are ingenious - by selling unassembled furniture in flat boxes, they lower their shipping costs and push the assembly costs onto their customers. It’s a cost tradeoff, of course: my mother-in-law’s purchase price was much lower, and to her the labor was free - such a deal!

As I blistered my palm twisting cam locks and skinned my knuckles inserting metal doodads into pre-drilled holes, I started thinking about how far from this type of delivery and assembly we are in security. To make most security controls work, it takes a lot more than a screwdriver, a pair of pliers, a hammer and a five-page cartoon-ish set of instructions with no words at all.

What it really comes down to is that security engineering is still an oxymoron. Mary Shaw of Carnegie Mellon wrote a great paper in 1990, “Prospects for an Engineering Discipline of Software,” where she compared the state of software engineering to the civil, chemical, and electrical engineering disciplines and pointed out how far software had to go. Eighteen years later we still ain’t there yet - there are still no handbooks of materials or table of elements for software. We now have glimmerings of secure development life cycles, but still can’t sell the software equivalent of chemistry sets or erector sets - or the equivalent of cam locks and metal stud doodads to allow any size chest of drawers to be made out of a bunch of particle board pieces.

Until software settles down, the threats can’t settle down and Ikea for InfoSec can’t happen. My skinned knuckles and sore knees thank you.
