In the the past 6 months or so I have heard several people use the phrase “Perfect is the enemy of good.”
I would like to counter that “Good enough is the enemy of working.” As examples:
– Rapidly increasing identity theft due to lack of a workable public authentication infrastructure (SSNs should NOT be used for authentication!)
– Credit and Debit card theft due to inadequate security measures in credit cards.
– Several large cascading power grid failures over the last decade or two.
– Internet (and more frequently web) outages due to insufficient redundancy and dramatically increasing hostile activities.
If systems are merely “good” rather than well designed, someone smarter, with more motivation will find the holes. If they are nice they will whisper them the company responsible. Increasingly, they will sell them to someone nefarious who is willing to pay for them or they will utilize the bugs themselves.
Computer crime is a lot less risky and a lot more profitable than physical crime. Why risk your life to mug one person when you can steal a million credit card numbers in the same amount of time from the comfort of your home?
Until we properly harden our systems, crime will get worse and failures of vital infrastructure more frequent. Welcome to the future.