Open Source IE
Recently, I was listening to an interview with Bruce Schneier regarding his new book Beyond Fear. Schneier has some good ideas about the state of security in our country. In particular, I like his ideas about protecting everyone’s target, the U.S. Every terrorist wants to attack the U.S., and Schneier reports that terrorist are verying good at identifying wholes in the system. Rather than spending billions plugging each new hole (e.g. airport security), he advocates plugging the hole then concentrating on infrastructure improvements (e.g. better EMS, better communication, etc) so that when terrorist do attack, we are prepared to minimize the effects of that attack.
So, given that in the software world Microsoft is every hacker’s target, and Internet Explorer is the target in the browser world, what should Microsoft do? We’ve all seen that Microsoft’s current strategy is ineffective because it takes too long to patch a hole. In comparison, when Firefox is attacked, a patch appears within hours. So it’s time for Microsoft to open source IE. That’s the infrastructure change that will enable Microsoft, and the IE user community, to quickly and expertly respond to the inevitable attack.
(okay, so I’m sure I’m not the first to say this, but I want to be part of the chorus…isn’t that one purpose of a blog)
