Rise up against Oracle class stupidity and join the infosec strike
Why aren't you, personally, stopping the moronocalypse?
Aux keyboards, citoyens!
Unfortunately, these issues will never get solved unless we make them a very real problem for the companies and governments we work for. These issues need to impact the bottom line in order to get through the haze of quarterly thinking. They will never be addressed unless we change our buying habits and take stands at our places of work.
So why do we keep believing it's not our problem? Why do we keep letting the short-termism reign? Why are we constantly willing to defend the rights of the already rich to screw us all over with toxins and bombs and terrible wages and yet we won't band together to enforce minimum standards of information security on our employers?
Why are we so almighty important that we should be allowed to sit in our comfort zones and not rock the boat, when we know damned well that really bad decisions are being made that will affect tens or even hundreds of millions of people? Who are we that we feel okay with that?
The problem is only going to get worse until we, the industry professionals who can actually affect this, choose to step up. So when do we, dear reader, choose to employ the only methods of addressing the moronocalypse that will actually work?
There are things we can do. We can refuse to work on projects that, based on our professional opinions and experience, are security problems waiting to happen.
Systems administrators can refuse to install hardware and software that they know can't be defended. IT managers can refuse to use services that we know are flawed. Developers can refuse to work on projects where adequate time has not been allocated for QA testing or where no security testing is being discussed or built in.
We can do these things. We should do these things. Even if they cost us our jobs.
We need to agitate internally within our organizations to stop buying from vendors who don't have a strong public – and practical – commitment to security. We need to stop buying consumer gear from companies that refuse to pay more than lip service to security. We need to show that we will use our wallets with purpose, not merely convenience.
Sadly, we also need to agitate for legislation. The market has completely and utterly failed to address the issue. People in positions of decision-making power need to be held accountable for security issues. Even if that means piercing the corporate veil.
Above all, we need professional associations that advocate and enforce ethics requirements... and we need to stop hiring people who aren't members of these associations.
What's needed is sweeping social change. That always carries a cost to those who stand up for what's right and it often takes generations.
I, for one, am not ready to wait until I find myself surrounded by self-driving cars, automated weapons that can make their own decision about who to kill and $DEITY knows what other robots and computers that will be responsible for keeping me alive... or choosing whether or not to kill me.
I won't wait until we move past counting the cost of our electronic arrogance in billions of dollars and start counting it in bodies. Fix your shit. Make others fix theirs.
Now, if you'll excuse me, I have some long e-mails to write to the owners of various online publications I write for about implementing SSL by default. What stand(s) will you take, dear reader?