My Talk at Google
Last week, I gave a talk at Google. It’s another talk about power and security, my continually evolving topic-of-the-moment that could very well become my next book. This installment is different than the previous talks and interviews, but not different enough that you should feel the need to watch it if you’ve seen the others.
There are things I got wrong. There are contradictions. There are questions I couldn’t answer. But that’s my process, and I’m okay with doing it semi-publicly. As always, I appreciate comments, criticisms, reading suggestions, and so on.
EDITED TO ADD (6/30): Two commentaries on the talk.
EDITED TO ADD (8/1): To date, 14,000 people have watched the talk.
Carl 'SAI' Mitchell • June 28, 2013 4:13 PM
I’ve been coming to like the idea that security is primarily an economic problem. Finding bugs and vulnerabilities (software, hardware, and social) is expensive. Companies and groups of individuals make software, but spending the time/money to find all the security bugs is very, very expensive. Look at the state of OpenBSD (highly secure, not very functional, huge developer effort into security) vs Linux (much less secure, much more functional, moderate developer effort into security). Governments can devote vast resources to finding vulnerabilities, while companies don’t have the resources to do so. Governments can also rely on others to create much of the software/hardware/social norms, and thus don’t have to pay directly for these things. There’s an inherent asymmetry in what each side needs to spend to get power (find a vulnerability) and the Government side can spend less of its total budget and has greater resources to spend.