A blog plain with security stakeholders
Or on the reasons for a blog at the intersection of software security, economics and market.
Over the last fourteen years as an information security professional, I have been working with my colleagues on accelerating innovation for security vendors and improving users' real-world security posture.
Looking back at the field, some aspects have certainly changed in this time. For example, we have experienced an increase in the demand for security technologies and processes, especially in connection with the regulatory compliance business driver, and have seen some security threats reach the mainstream audience. Yet, almost all major information security challenges are still open. As a matter of fact, current economic, regulatory and legal incentives in the security market are misaligned, distorted or ineffectual.
What will be software security's place in the world over the next 14 years? Will we find a way to balance the information between buyers and sellers in the security market? Which incentives will we manage to provide to manufacturers to build security in?
There is not only one possible place for software security tomorrow. However, our society will live only the future it chooses to live in.
I believe software, like any human creation, is "subject to the strengths and foibles of humanity". At the same time, I know the human element, and the understanding of how we behave, to be key to holistically addressing the security challenges and making software the new foundation our society can rely on.
So I thought maybe sharing some of my fun through a blog at the intersection of software security, economics and market, and plain with security stakeholders, might be one more way to make them better off.