Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: bk (chort0gmail.com)
Date: Fri Jul 23 2010 - 13:29:00 CDT
On Jul 22, 2010, at 10:12 PM, Marsh Ray wrote:
> On 07/22/2010 10:40 PM, Dan Kaminsky wrote:
>> There are fundamental sources of these failures that are not just
>> "people are stupid". Remember the tales of failed +$100M PKI
>> deployments around the turn of the millenium?
> I can imagine a PKI project failing.
> But failing after $100M is spent can be only explained by business
> management problems. This is not a space program we're talking about
> after all, the PKI technology just isn't that risky.
It's not that it's risky, it's just that the techy people got all carried away with how it should work technically, and by the time they rolled it out to actual workers they realized that it was a usability disaster. No one is going to deal with that big of a disruption to how they perform their work on a daily basis. The biggest, grandest schemes always get torpedoed by the smallest human problems.
So far as I know, the only environment PKI is really widely adopted in is the military, because they get to say "you WILL use this smartcard, soldier! YOU HAVE A PROBLEM WITH THAT?" Private sector workers can just say "Hah, I'll call that head-hunter back." Soldiers? Not so much...
>> Why do you think so much money got spent?
Consultants: The people you call when you just can't admit the requirements were ridiculous, but are willing to burn a few million more dollars proving it conclusively.
> The worst idea I've ever heard is probably this:
Should go without saying. Oops.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/