What's great about this argument is how versatile it is. Climate change got you down? How about deforestation, or antibiotic overuse? Tired of people telling you not to write web applications in C? Your one liner seamlessly shuts down discussion in any of those debates!
In fact: the finger-waggers have been right about this issue since approximately 1988, when Paul Graham's friend shut down much of the Internet with a tiny C program that shouldn't have been possible to write back then, but is in fact still possible to write in 2016.
Fortunately, folks "woke up" a bit as a result of that event (granted, security wasn't really a concern at that time). Unfortunately, it was relatively quickly forgotten and it took another 10-15 years before security really became something that was looked at as anything other than an inconvenience or an impediment.
I'm becoming more and more convinced that nothing is going to change (with regard to overall security in general) until we have some huge event that negatively impacts a large portion of the population in a major way. Until then, things will continue as they are, and security won't be taken seriously.
I'm ready for the 2016 version of the 1988 sendmail worm (or perhaps something with the "average user"-visible impact of the 1990 AT&T crash), just to "get it over with" and get us moving forward.
The lack of liability changes in the wake of the Target breach (at the very least) means that companies can foist whatever security model they feel like upon the market without any possible repercussions. You basically have to be VW compromising a highly regulated industry for there to be any negative effects beyond PR, and internet-accessible data is so far completely unregulated.
And even then the benefits to ignoring the warnings for companies is still pretty powerful. VW may have been caught and punished in the US but here in Canada they are still dragging their feet with any mention of compensation to victims and our courts are letting them.
"We can't keep driving these and feel good about ourselves. So something needs to be done and I just want an answer.… It's not about the initial mistake — it's what you do to make things better." http://www.cbc.ca/news/canada/toronto/vw-emissions-1.3708372
Even if a big event occurs I think the security drive will be short-lived. You'll then find a few manufacturers taking shortcuts to beat their security-minded colleagues to market... then the floodgates open again as everyone races to the bottom.
Admittedly I am now interested and, I apologize in advance if this is in the thread already and missed it (thanks poor vision!) but, would you happen to have a link or explainer as to this incident? Sounds very intriguing.
In fact: the finger-waggers have been right about this issue since approximately 1988, when Paul Graham's friend shut down much of the Internet with a tiny C program that shouldn't have been possible to write back then, but is in fact still possible to write in 2016.