Security

We can’t. You think you can, but you can’t. This reminds of the Feynman video where he’s asked how magnets work and he doesn’t explain it, he explains why he can’t explain it. Our problem is we’re generally too clever to know when to stop. There are limits to our cleverness unfortunately. I’m picking on buffer overflows in this case because they’re something that’s pretty universal throughout the security universe. Most everyone knows what they are, how they work, and we all think we could explain it to our grandma. ...

Sometimes it’s really hard to be nice to someone. This is especially true if you think they’re not very smart. Respect is a two way street though. If you think someone’s an idiot, they probably think you’re an idiot. You’re both going to end up right once it’s all over though. As an industry we overestimate how much people know about security, which I think is the root of our problem. ...

How many times have you been afraid to say something about security because you knew if you’re wrong, you’re going to be destroyed in public about it by your peers? How many times did you try really hard to completely discredit someone who said something wrong about security? How many times have you been wrong but still argued because you didn’t want to admit it? How many good ideas never saw the light of day because of this? ...

You’re probably bad at talking to people. I don’t mean your friends you play D&D or Halo or whatever hip game people play now, I mean humans, like the guy who serves you coffee in the morning. We’ve all had more than once instance where we said something and ended up with a room full of people staring at us because it wasn’t terribly nice or thoughtful. At the time you had no idea anything was wrong, you still might not. ...