Innovation and security

Microsoft's fine from the EU got me thinking. It says a lot that it is a software company that has been on the receiving end of a fine that is record breaking in size. It says a lot about the importance of IT capability today and how much we rely upon the availability of the infrastructure and the accuracy and availability of the applications and information. But what really got me thinking was the reason for the fine; repeatedly exhibiting behavior designed to stifle innovation. Houston...we have a problem. Daily, attacks with an assortment of motivations from the curious to the criminal to the military take place at a much higher rate than reported publicly. That most people only hear of massive problems and breaches occurring and not about the rest is perhaps testament to the fact that on the whole a lot of people work very hard to keep everything secure and operating. We certainly do not want to hamper any of those efforts such that they're anything less effective than "as absolutely best they can be in every way".

History has shown that the attacks not only multiply they also adapt - there is innovation there too. So does anyone really think that those developing and designing on the attack side are deliberately holding their innovation back? This is a fundamental problem. Stifling innovations that evolve IT, or even overly delaying releases of new features to suit sales over secureness and resilience is making us all less secure. This is the big picture I think and we must not accept it as industry behavior.