Joseph Ratzinger and Information Security
Joseph Ratzinger (a/k/a Benedict XVI) recently made some comments that got some press. In particular, as Reuters reports: “Pope in Africa reaffirms ‘no condoms’ against AIDS.” [link to http://www.reuters.com/article/homepageCrisis/idUSLH936617._CH_.2400 no longer works] Quoting the story, “The Church teaches that fidelity within heterosexual marriage, chastity and abstinence are the best ways to stop AIDS.”
Many of you are likely outraged, saying, “sure, if only people would do that, then we wouldn’t need condoms. But people don’t behave that way.”
I’d like to explain what this has to do with information security. Some of you may be saying “sure, but we’re not that bad.”
In information security, we often keep saying the same thing over and over again, because we know it’s right. We tell people to never write down their passwords, to always validate their input, and to run intrusion detection systems. Deep in our hearts, we know they don’t, and yet we keep saying those things. We tell them they “have to” fix all the security problems, all the time.
It’s my hope that we in information security will be less religious than the Pope, but there’s plenty of evidence that, like him, we offer advice that makes people shake their heads in disgust.
Wherever you work, whatever you do, it’s worth asking yourself: am I being dogmatic in what I’m asking of people?
Me, I’m being dogmatic about asking you all to keep it civil in the comments.