Comments on “Develop and mandate intrinsic cybersecurity”

'Worse is (probably) better'

Kenny 2023-02-19

I’m of (at least) two minds about this.

I’m a professional programmer (i.e. ‘software developer’ or ‘software engineer’), and I, personally, prefer the ‘correctness’ (‘better’) end of the ‘worse versus better’ or ‘good-enough versus correct’ spectrum.

But I also admit (and, previously, grudgingly) that my colleagues on the other (‘worse’) end of the spectrum are often generally more effective than I am, and the benefits mostly outweigh the costs too.

I suspect the tradeoffs being made aren’t too terrible either, generally, as many security failures involve ‘trusted insiders’ (e.g. human users), against which no amount of better computer security can protect. Most experienced professionals use cryptography pretty sensibly nowadays, but no cryptographic system can withstand ‘rubber hose cryptology’.

I’m also greatly disappointed in the various acts/bills like GDPR. I’m sympathetic to their aims, but they’re extremely unfriendly! Their plain language (‘reasonable’) interpretations are severe, or seemingly contradictory, and it’s not clear whether that’s so they can better serve as cudgels to be wielded against the biggest companies. It’s disheartening that there aren’t clear concrete guidelines for complying with their aims.
