• How about a bailout of the information security industry!?

    25 Sep 2008

    While our government is on the bandwagon of handing out billions of our dollars to the financial industry and, more recently, the auto industry, it made me think – what the heck – might as well throw in a few billion or so in support of our industry, right?? After all, it’d be money well spent on our critical infrastructure here in the U.S.

    Here’s what could be done to redistribute our wealth and put it in the hands of information security vendors right now:

    1. Give the old-school anti-virus vendors more money for research and development so they can FINALLY offer solutions that detect more than just viruses.
    2. Give the firewall vendors at least 35% of the budget ($800 million or so) simply because they need it to stay afloat.
    3. Give all of the “mainstream” OS and application vendors cash annuities of a couple of billion each payable over the next 20 years to help them find ways of developing secure software that doesn’t need patching every other day.
    4. Give all of the encryption software vendors money for advertising and really cool free stuff to hand out at conferences (cars, juke boxes, Amazon.com gift certificates, etc.) with hopes that one day people will start buying their software.
    5. Allot at least 75% of the budget towards supporting focus groups and watchdog committees allowing information security vendors to better understand why management, by and large, doesn’t buy into security the way they probably should.
    6. Finally, provide another 10% of the budget to create a tri-partisan committee on secure web development headed by a Secretary of Poor Coding that oversees every line of code in every single application made available over the Web with the goal of having a secure Internet by Q1 2012.

    The key here is to think short-term…only focus on our industry and, more specifically, our own companies. We can worry about who’ll pay for all this later…