http://disqus.com/by/danpesserl/enMon, 17 Aug 2009 19:21:42 -0000http://www.room362.com/archives/621-simplicity-is-security.html#comment-14984990<p>Mubix, You have a big point here as we all know that security through obscurity doesn't really work and complexity is just a synonym. Have you looked at why things in IT require so much complexity? I found two pertinent aspects: human behavior and outdated technology. Put them together and ... BOOM! Most people are trusting and find it hard to think about how to do harm. Thus, technological implimentation of more secure solutions such as IPV6, secure ARP tables, secure DNS, cryptography and even the latest patches never get implemented in a timely manner. Being secure requires us to change our behavior. That takes a lot of work and there's no pill for it. As you say, in the US we want it all the easy way. In my opinion we will shift into a industry that will focus on education while having to provide very high abstraction for users as well as coming up with ingenious ways of keeping those users secure without them having to change their behavior too much. Technology isn't always the answer. What do you think?</p>danMon, 17 Aug 2009 19:21:42 -0000