A few days ago a friend of mine shared an old editorial about lifeboats from the Harvard Crimson, parodying the objections to civil defense programs in the early 60s. People haven’t changed much. The same types of arguments are brought up time and time again when discussing the need for better education in software security/code quality, a secure development lifecycle, and regular security assessment/bug hunting.
These can apply to quite a few aspects of securing systems: everything from developer education, to sandboxing applications, to monitoring/auditing systems, and dozens of other areas. So without further commentary, here are a few selected points from the article that seem to apply to most:
- This program would lull you into a false sense of security.
- It would cause undue alarm and destroy your desire to continue your voyage in this ship.
- It demonstrates a lack of faith in our Captain.
- The apparent security which “life” boats offer will make our Navigators reckless.
- These proposals will distract our attention from more important things i.e. building unsinkable ships. They may even lead our builders to false economies and the building of ships that are actually unsafe.
- In the event of being struck by an iceberg (we will never strike first) the “life” boats would certainly sink along with the ship.
- Such a catastrophe is too horrible to contemplate. Anyone who does contemplate it obviously advocates it.