I certainly don't blame the average user -- they aren't computer security experts. They're doing what they are told by their computer. But fewer software vulnerabilities aren't going to solve our problems. The only way to significantly diminish malicious hacking is to fix the underlying problems, and that means significantly changing the way the Internet works. We need default, pervasive authentication, centralized security services, and the ability to communicate trust and assurance in every Internet packet.
It's not as hard as it sounds. It can be done. We don't even have to invent any new security protocols. Everything we need already exists. We need only agree to do it, put some values in a few tables, and implement.
I say this at least a half-dozen times a year, and I've been at it for more than half a decade. My first column on how to fix the Internet was published in January 2008, followed by my whitepaper on the subject in May of the same year; the most current update was posted just last month. I've also written regularly on the subject; check out my earlier posts "This Internet fix is no pipe dream" and "Fixing the Internet would be easy -- if we tried" for proof.
I can't get worked up about increasing software vendor liability, next-generation firewalls, or any endpoint security defense -- because they will not work.
I get tired of wasting cycles on debating ineffective solutions. I want to knock down the false defenses, if possible, so that we can start concentrating on the defenses that will work. Suing (or even yelling at) software vendors isn't the answer.
This story, "Suing software vendors is no security fix," was originally published at InfoWorld.com. Keep up on the latest developments in network security and read more of Roger Grimes' Security Adviser blog at InfoWorld.com.