The Top 5 Influential IT Security Thinkers
The seemingly constant industry buzz surrounding Schneier is well-deserved. With a trail of bestselling books in his wake and two encryption algorithms, Blowfish and Twofish, to his credit, Schneier is well-placed to discuss/argue various IT security-related issues in his free monthly newsletter Crypto-Gram. Most recently, he questioned reported comments made by Howard Schmidt that noted Schmidt’s support for holding programmers personally accountable for insecure code. These published accounts, which sometimes seem to allude to personal liability, are inaccurate, Schmidt says. He notes that his comments were made “in the context of how [programmers’] ability to write secure code should be a part of performance reviews.” Schneier says, however, “It is the software manufacturers that should be held liable” for insecure code. Although the additional costs for making products more secure would fall to consumers, he says securer solutions would prove cost-effective in the long run since users already pay more than they bargained for to fix holes of products they have deployed.