[Cryptography] Boing Boing pushing an RSA Conference boycott
Kent Borg
kentborg at borg.org
Thu Jan 16 08:48:12 EST 2014
On 01/15/2014 03:33 PM, Salz, Rich wrote:
> Agree. So why is a boycott a good thing? Why punish someone for being
> tricked? (Not specifically directed to Ian). It seems to me the better
> object lesson is one of the strongest cryptography companies in the
> world (at the time) was tricked into possibly making many of their
> customers vulnerable. How can we move forward from this?

I want everyone to see blood (figuratively), and be afraid. For their
jobs, for their reputations.

Every few minutes some other business has a data breach, and it seems
their big worry is always publicity ("Can we kill a messenger?"). Let's
up the stakes. I want to see a little operant conditioning, apply some
pain to mistakes, and see people trying to avoid being part of blunders.
Security doesn't sell, let's at least make security blunders cost.

RSA needs to be seen as having paid dearly for their very bad mistake.
People in corporations need to be able to invoke "RSA" and have others
shudder. I don't care if others have also done bad things, I want RSA
made an example. How much worse could they have behaved? Make an
example of them.

How much money did EMC pay for RSA? I want EMC (and others) to see that
a purchase can be destroyed if they misbehave and just cash the big
check. Did EMC managers encourage them to be profitable, praise them
for the nice haul? I think we can assume "yes". Did EMC put /any/ real
effort into policing RSA's integrity? We don't know, but I guess "not
really"; clearly it was not enough. Make EMC pay for that.

Security doesn't sell. At least make security blunders cost.

-kb