http://emergentchaos.com/archives/2006/10/long-term-impact-of-youthful-decisions.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://emergentchaos.com/archives/2006/10/long-term-impact-of-youthful-decisions.html/comment-page-1#comment-2780 Iang (GP) Wed, 25 Oct 2006 06:32:31 +0000 http://emergentchaos.com/?p=2028#comment-2780 I make a similar point in the GP story. I go a bit further and incorporate the likelihood that the security model first suggested is plain wrong, and also that any costs incurred by security feed materially into reducing the chances of survival of the company. In fact, employing security in the early days could be the reason that most security-oriented companies fail, which was the observation that got me thinking about it. The simple hand drawn graphic in <a href="https://www.financialcryptography.com/mt/archives/000604.html" rel="nofollow">GP4.1 Mutual Funds</a> bears a resemblance to the one above, but is only related, not equivalent. I make a similar point in the GP story. I go a bit further and incorporate the likelihood that the security model first suggested is plain wrong, and also that any costs incurred by security feed materially into reducing the chances of survival of the company. In fact, employing security in the early days could be the reason that most security-oriented companies fail, which was the observation that got me thinking about it.
The simple hand drawn graphic in GP4.1 Mutual Funds bears a resemblance to the one above, but is only related, not equivalent.

]]> http://emergentchaos.com/archives/2006/10/long-term-impact-of-youthful-decisions.html/comment-page-1#comment-2779 David Molnar Tue, 24 Oct 2006 21:16:38 +0000 http://emergentchaos.com/?p=2028#comment-2779 This reminds me of the Gartner analyst's quote in the NY Times article on contactless credit cards. It sure looks like the card issuers sacrificed encryption of data in favor of time-to-market and hoped no one would notice. One of the differences between credit cards and software, however, is that credit cards stay in place for years and typically can't be patched short of a reissue... (Another factor in the credit card case, of course, was that the card companies claimed repeatedly that the data would be encrypted. Too bad it didn't get implemented that way.) In any case, there's probably an interesting WEIS paper that could come out of putting together a model for when it makes sense to defer security expenditure and when not. Do you know if it's already been written? This reminds me of the Gartner analyst’s quote in the NY Times article on contactless credit cards. It sure looks like the card issuers sacrificed encryption of data in favor of time-to-market and hoped no one would notice. One of the differences between credit cards and software, however, is that credit cards stay in place for years and typically can’t be patched short of a reissue…
(Another factor in the credit card case, of course, was that the card companies claimed repeatedly that the data would be encrypted. Too bad it didn’t get implemented that way.)
In any case, there’s probably an interesting WEIS paper that could come out of putting together a model for when it makes sense to defer security expenditure and when not. Do you know if it’s already been written?

]]>