Monday, March 28, 2011

HTTPS Here and There

Facebook announced that they are implementing the option for using an encrypted connection. Twitter announced that they are implementing the option for using an encrypted connection.

And for some unexplained reason, posted a question asking why everyone doesn't run https? Seriously? It is the same reason that other security measures aren't implemented. It adds complexity. It adds costs. While the specifics may change, the evaluation usually goes something like this - the likelihood of an attack multiplied by the damage done equals the risk. (There are many versions of this formula and I'm sure I've oversimplified, but you get the idea.) The risk calculation can then be used to compare risks, make organizational decisions about risk tolerance, etc. Some companies just don't care about security or they don't care as much as the next company. My company does not spend lots on IT security. I'm sure we spend less (on a percentage basis) than many others in Knoxville.

I'm not saying that implementing https is a bad idea. I am saying that it is more than just a technical decision.

Twitter notice via
Previously: HTTPS Everywhere and Encrypted Google Search.
