
Compliance As Kick-Starter

"Regulation is a boon to security. Without the
government and other private organizations leading security around by
its nose, we would be eternally trapped in the "just strap another
pizza box into the rack" solutions offered by clueless vendors. There
were zillions of them at RSA this year.

One problem is that many security vendors seem to be in it for
the money. For example, antivirus vendors love to tie you to the gerbil
wheel of virus definition updates, even though they know there are
superior antivirus approaches to the ones they currently sell which
would not require constant updates (or the associated recurring revenue
stream).

And just about all vendors are guilty of the silver bullet
myth, that is, "just buy our silvery bullet-like stuff and your
security problems will miraculously disappear." The worst silver bullet
offenders are the application firewall people. Talk about approaching
the right problem (software security) in the wrong way (network traffic
inspection)!

Fortunately there are regulations to rescue us from our own
nonsense. Probably the best regulatory nose-leading has been carried
out by Sarbanes-Oxley. In the first runner-up category, the credit card
consortium’s Payment Card Industry (PCI) standards have likewise
generated great forward progress in security."

Article Link: http://www.darkreading.com/document.asp?doc_id=119163