Going round in circles

The following quote is taken from an article entitled Computer Security: A Current Assessment, published in the very first edition of Computers & Security Journal back in January 1982.

We have figured out how to make computers faster, smaller, and more efficient, but computer security, by and large, is still at the “lock on the door” stage. There are a number of reasons for this, but the primary ones are that computer vulnerability is unpleasant to contemplate, that inadequate data disguise the true picture of computer abuse, and that computer security is a cost item in the budget which is not balanced by a tangible profit item.

In the intervening 26 years, we don’t appear to have come very far. For instance, this article attempts to justify security budgets by using metrics but ends up admitting that “you might not get everything on your request list” while here, the author restates in a slightly different way exactly the point that the above quoted 1982 article makes by saying security budgets are reaching a level where they must be justified. Sometimes it seems like we’re going round in circles on these subjects. Comes back to what I said yesterday about needing a new approach…