Computer Security and The Human Factor
Nudecybot has a thoughtful post on Computer security and the human factor. He takes a discussion we had, and organizes it well. He talks about airline safety vs computer safety, and how an anonymous reporting system has helped in the airline case.
I think there’s two bits that he misses that make the airline safety system work: First, reporting is mandatory. (Or so I understand.) Second, the reports are analyzed and summaries are published, trends are discovered, and results are discussed. CERT collects data, and doesn’t have the budget to analyze it regularly. They do publish Incident Notes. They’ve done two this year.