Ross concludes that “much has been written on the failure of information security mechanisms to protect end users from privacy violations and fraud. This misses the point. The real driving forces behind security system design usually have nothing to do with such altruistic goals. They are much more likely to be the desire to grab a monopoly, to charge different prices to different users for essentially the same service, and to dump risk. Often this is perfectly rational.”
Ross explains the impossibility of ever fully securing complex software, offering the Windows operating system as an example. In 2000, Windows had more than 35,000,000 lines of code. Because it was so large and complex, it could well have had more than 1,000,000 bugs when released. Hackers may need to find and exploit only a single bug to compromise the system, whereas the developers who try to fix the bugs may be able to fix only a fraction of the total. These numbers make it difficult ever to mount a totally secure defense.
In an interview with Search Security, Ross said that “The information security problem is basically a problem of politics and regulation, rather than technology. Even if you were to encrust all of your medical systems with all sorts of fancy firewalls, encryption and goodness knows what, that wouldn’t fix the problem.”