Another interesting point from Ross Anderson:
Bill Gate’s most brilliant coup was to export the ethos of a hobbyist sub-culture over to the business and consumer marketplaces
Back in the early 1990s, for example, if you visited the Microsoft campus in Redmond and you pointed out that something people were working on had a flaw or could be done better, they’d say, “No, we’re going to ship it Tuesday and get it right by version three.” And that’s what everybody said: “Ship it Tuesday. Get it right by version three.” It was the philosophy. IBM and the other established companies were really down on this. They were saying, “These guys at Microsoft are just a bunch of hackers. They don’t know how to write proper software.”
But Bill had understood that in a world where markets tip because of network effects, it’s absolutely all-important to be first. And that’s why Microsoft software is so insecure, and why everything that prevails in the marketplace starts off by being insecure. People race to get that market position, and in the process they made it really easy for people to write software for their platform. They didn’t let boring things like access controls or proper cryptography get in the way.
Once you have the dominant position, you then put the security on later, but you do it in a way that serves your corporate interests rather than the interests of your customers or your users.
What other product has customers lining up to pay for something which will almost certainly NOT work at the time of purchase? And when it fails to work expects the customer to assume the initial responsibility for fixing the problem? (Just another example of companies outsourcing labor costs to the customers. See here)
If i buy a hot water heater I have great confidence that it will NOT disable my car’s air bags.* Yet, every time I add a new device to my wireless network or update some piece of software on one of my computers, I fully expect that I will have to trouble-shoot new problems on other devises or with other pieces of software.
*This confidence may no longer be warranted given Anderson’s discussion of the risks of the Internet of Everything. (Here)