An open letter to Bill Gates, Steve Jobs, Paul Otellini, Steve Ballmer, Dirk Meyer, Michael Dell, Larry Ellison and Jim Whitehurst
As you know, the world has been fighting hackers for over 15 years. Despite best efforts to secure networks and computers against compromise, we continue to lose systems, credentials and information to the enemy every day. Direct attacks against vulnerable assets, social engineering, phishing, taking advantage of poor security practices, malicious email and infectious Websites continue to be effective across the entire globe. No one is safe. We clearly have a problem and there are no indications that the situation will improve anytime in the near or distant future.
I am addressing you regarding this matter because, collectively, you are the only ones who can initiate the changes necessary to make computing secure. Here’s why:
Information technology is not engineered to be secure against hackers; it is only secure against honest people. The current security measures implemented at the hardware, operating system and application levels are meant for people who play by the rules, not for people who make up their own rules. As a result, none of the products you produce are inherently secure against hackers. That’s why everyone resorts to using third-party security and monitoring products to try to protect themselves and detect compromise. Unfortunately, third-party tools are unable to keep up with the ever-evolving techniques and tactics used by hackers. Given current information technology and security paradigms, we will never be able to successfully address security issues.
Addressing the security issues we are facing today requires a fundamental change in technology and paradigms. This is not about evolution. This is about reinvention. If you take a step back and objectively assess the situation, you will agree that what I say is true. We need to stop relying on third-party tools and address the root cause of the problem. Like it or not, the products you produce need to be completely reengineered to be inherently secure. This may seem like an unattainable goal, but I and others believe it’s attainable, and if you collectively put your minds together, you too will agree that this goal is attainable. Reengineering is the only course of action that makes sense.
You have the best and brightest engineers in the world working for you. You have the power to refocus their efforts to make computing secure. It just comes down to creating a vision, setting goals and laying down a path for the computer industry to follow. The future and fate of computing rests in your hands.
I thank you for your time.
If you agree with me, spread the word! Blog it, Tweet it, link it on your Facebook page and email everyone you know. You can make a difference by raising everyone’s awareness – and everyone’s awareness will drive the changes that need to take place to make computing secure for everyone. Thanks for your support!