In the February 2003 issue of Business Communications Review, Steve Kent and I co-authored an article entitled The Sad and Increasingly Deplorable State of Internet Security. In the article, we claimed that, "overall, Internet security really is in horrible shape." We were convinced by computer crime statistics, incident reports and our collective experience that the security technology deployed to date had not proven effective. In fact, incident frequency and cost were increasing at an alarming rate, despite the fact that most organizations were claiming to have deployed state-of-the-art security defenses.
We also predicted that security would worsen before it improved. We cited insecure operating system (OS) and network architectures, lame authentication, poor software engineering, lax security management and creeping featurism as principal root causes for this “fall from security grace.” We concluded with a measure of hope, however, suggesting that feature moratoria, software reliability agreements, administration improvements and perhaps more regulatory influence could improve Internet security.
Four years later, BCR invited Lisa Phifer and me to comment once again on the state of Internet security. In Sad and Deplorable State of Internet Security, Revisited we found that while security threats have evolved, the root causes of security vulnerability haven’t changed, and they are still being ignored in favor of “quick fixes” to ease security symptoms. While many of our 2003 recommendations were still not widely adopted by 2007, we did note progress in a number of areas, including more secure operating systems and protocols, unified threat mitigation and identity-based network access controls.
Regrettably, Business Communications Review is no longer published. I'm strongly inclined to look once again at the state of Internet security. Contact me if you are interested in publishing an article of this kind or know someone who is.