Read at least the first few paragraphs of this post on 0x000000.com on how security is useless (wish I could remember who maintains that site, since their name isn’t apparent). If we’re into security or even have a smidgeon of security consciousness in our IT worlds, we’ve been there. In fact, I think we all need to hit this low point in the rollercoaster of life regularly. Really, that’s the point of what we do, right?
Every time I feel this way about security, I am reminded that skilled attackers are still rare and that security does not have to absolutely protect against them. We need to accept that and be happy with that if we’re to continue as an industry or even in our happy lives.
I like to think of security like herding cars, holding sand, or visualizing wind. These are all difficult, if not impossible tasks to do perfectly. That doesn’t mean we do nothing. Security is not black and white, perfect or useless; to believe so means a belief in a silver bullet to achieving a perfect security state. (Think about it for a while and what implications there are which follow certain beliefs.)