In Stating the Obvious, I said that “Information Security … experts are constantly stating the obvious,” and that “This will be one of ‘Top Ten Reasons Why I Hate Computer and Network Security,’ which I will blog next week.”
Well, I actually only have five—make that six, after e-mail from friend and colleague, Marcus Ranum —and I didn’t blog them “next week.” I present them in no special order.
- We state the obvious.
- We talk about and rehash the same old stuff.
- The field is full of pseudo experts who are not really experts or who talk like they are not. [ADDED]
- We focus on the presenting problem.
- We are enamored with statistics—any statistics.
- We look or hope for government to save us.
I’ve already talked briefly about the first. I will expound the others in future blog entries.