> The problem is that defensive security still is not a big enough priority for customers or vendors
This is absolutely true. Most people care about price over any other variable.
Yet even areas where there are people who prioritize security consistently fail (Apple vs Jailbreakers, Open Source SSL/TLS developers vs CA validation failure). There is literally no code on this planet you can trust 100%. Even the code that sent people into space had bugs.
edit: I do like the idea of cryptocurrencies, but I don't trust software enough yet. I'm more bullish on the idea of P2P shared blockchains in the form of Namecoin as a replacement for DNS etc.
> Most people care about price over any other variable.
Most people (at least, in western countries) don't pore over the ingredients, or suss out the manufacturing process to see if their food products have poisons in them, or whether they are fit for eating. It's mandated by law.
I would like to see security have such measures mandated by law, so that it frees the average Joe from having to worry about it. Because face it, the average person can't worry about it - it's an expert field.
Mandating something like FIPS for everything would impair startups quite badly. For the moment I'm quite happy to not have regulations on the development process or content of software.