Bruce Schneier has a great blog post on this. I'm joining the movement, with this declaration:

I am not afraid of terrorism, and I want you to stop being afraid on my behalf. Please
start scaling back the official government war on terror. Please replace it with a
smaller, more focused anti-terrorist police effort in keeping with the rule of law.
Please stop overreacting. I understand that it will not be possible to stop all terrorist
acts. I accept that. I am not afraid.

In fact, I would amend this a little to include more than just the politically-correct
discussion of terrorism and the government:

I am not afraid of security discussions, and I want you to stop being afraid on my
behalf. Please start scaling back the draconian requirements on my passwords and connection
options. Not everything has to run over HTTPS and require passwords that must be 12
characters long and contain an upper-case letter, a lower-case letter, a number, a
punctuation mark, and a letter from the Klingon alphabet. Please replace it with a
smaller, more focused security effort in keeping with the risk involved. Please stop
overreacting. I understand that it will not be possible to stop all acts of security
attack. I accept that. I am not afraid.

I want companies not to abandon their security efforts, but to put the effort into
more targeted efforts. Don't spend millions instituting a VPN; instead, spend that
time and money getting developers to find and fix all the command injection and/or
cross-site scripting attacks that plague web applications.