1/ In researching #breakingsmart, I concluded security is Achilles heel of pragmatic-Promethean rough consensus and running code philosophy
2/ Here's an interesting thing on state of IoT security, HT
3/ Original Internet security culture was/is weak because of some mix of RCRC-RERO, NSA, key leverage ideas like blockchain being in future
4/ Another angle I've learned from DevOps people (see 'Phoenix Project') is security concerns can drive irrational decisions
5/ State of s/w security culture: industry spends too much on security theater that does nothing, too little on fundamental advances
5/ I think one reason for this state is that security concerns, like usability concerns, fundamentally conflict with agility concerns
7/ Both usability and security as conceived today seem to require systems-level mental models of full product in like week 1 of project
9/ So InfoSec people, like design people, often seem to feel ignored and underappreciated until a crisis makes their role important
10/ So one question I'm tracking with interest is whether IoT repeats pathologies of original web evolution or figures out "agile security"
also security is like many political issues that don’t change. When asked everyone says they’re worried. But it’s no one’s top priority
e.g. I've spent my career helping folks do exactly this.
I suspect machine-machine interfaces are the worst to face.



