<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Jan 14, 2014 at 1:36 PM, Bear <span dir="ltr"><<a href="mailto:bear@sonic.net" target="_blank">bear@sonic.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On Mon, 2014-01-13 at 14:16 -0500, Kent Borg wrote:<br>
> On 01/13/2014 10:23 AM, Phillip Hallam-Baker wrote:<br>
> > Unless someone shows evidence that RSA actually knew they were being<br>
> > punked, the boycott makes no sense.<br>
<br>
</div><div class="im">> If we can't make selling security pay, we can maybe make selling<br>
> insecurity cost. There are a lot of other suits watching this, seeing<br>
> how RSA fairs. I want them to see something gruesome, something that<br>
> worries them. (The same way I want a banker or two who nearly dumped us<br>
> into DEPRESSION to go to jail, so others will think twice.)<br>
<br>
</div>I tend to agree. If RSA doesn't go down in flames over its utter<br>
failure, then people will learn from that fact that security is a<br>
joke industry. That's a problem we already have badly enough with<br>
the failure after failure after failure revealed by the Snowdon<br>
files.<br>
<br>
I don't think that there is any real hope of building a secure<br>
infrastructure for the world if the world learns by this example<br>
that an industry leading security company can completely fail in<br>
its primary mission without consequence.<br>
<br>
That would be a vote of no confidence in the entire security<br>
industry, like an acknowledgement that there can never be security<br>
and there's no point in even trying.<br></blockquote><div><br></div><div>I am really reluctant to set that type of precedent. I think that we are not finished with the disclosures yet. If we take everyone out to the woodshed and hack their heads off each time we find out about the next NSA hack, well we might find that none of us are left to do the work that needs to be done.</div>
<div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
That said, I don't think a conference boycott is specific enough.<br>
A conference boycott hurts everyone at the conference. And most<br>
of them have not been complicit (or merely incompetent, which is<br>
nearly as bad) in betrayal of the public.<br></blockquote><div><br></div><div>That is my problem. Hurt RSA if you like, fine. But boycotting the show is like boycotting the village fete because the Lord of the Manor let a cow get loose and trample everyone's begonias.</div>
<div><br></div></div><div><br></div>-- <br>Website: <a href="http://hallambaker.com/">http://hallambaker.com/</a><br>
</div></div>