|Orientation ||Focus ||Typical assessment||Type of Trust |
|Government ||Assurance of quality, reliability, safety, and appropriateness for use ||Commercial security products aren't good enough to be used. We are losing the security war.||Authority+Network: We are not getting adequate assurances of security - neither from centralized guarantors, or from the emergent power of the network. |
|Hacking ||Tools and techniques of exploration and exploitation at the micro and macro levels ||Unwilling to confer a positive evaluation on any product or technology vendor (especially Microsoft).||Commodity+Authentic: We hackers can usually engage more deeply with the product than the vendors themselves. |
|Economic ||People are behaving rationally, if only we can understand their motivations ||Few people ask whether products are secure, so there is little explicit demand for security. ||Commodity+Network: Security (or its lack) emerges from the combined behaviour of rational actors. |
There are several other possible permutations, but the orientation I want to encourage is based on Network+Authentic - combining a deep engagement with the (focal) practices of technical security with a broad and dynamic social base (process-driven, community-driven). Next question: how can we foster this orientation?