Some simple logic that is causing me to furrow my brow. Please, if you can refute one of my premises or dispute any of my conclusions then let me know.
Thinking about Microsoft Windows, Microsoft Internet Explorer and Microsoft Office:
(1) Security vulnerabilities continue to be found in these products today
(2) Forthcoming releases of these products are subject to the same patches as the current releases
THEREFORE (1+2)
(A) Unpatched vulnerabilities still exist in current and future versions of these products.
Now,
(3) Security patches, virus checkers and firewalls protect against known vulnerabilities
THEREFORE (A+3)
(B) We have no protection against an exploit of an unpatched vulnerability.
Furthermore,
(4) Microsoft Windows and Microsoft Office have around 100% market share on the corporate desktop
(5) Many people and organizations have a financial or political interest in attacking or threatening to attack wealthy corporations.
(6) Some of these organizations have substantial resources to mount a sophisticated attack
THEREFORE (B+4+5+6)
(C) There are organizations planning to attack the corporate desktop using an unpatched vulnerability for financial or political gain.
(D) There is considerable risk of a severely damaging attack
What is perplexing me is the unwillingness of any corporation I know to do something about this. I am talking about an attack that could threaten the viability of a major global corporation. Top headline on the evening news. Pundits talking doomsday scenarios.
Some organizations have publicly announced moves to an open source desktop platform (Telstra, City of Munich etc.) but this has always been for cost reasons.
Why isn’t this the most talked about issue in IT? The only reason I can think of is the analogy with climate change:
(a) the threat increases slowly, and there is no natural trigger for action
(b) the cost of mitigating the threat is substantial
(c) the mitigation is not guaranteed to work
(d) the cost is incurred today and the benefit is gained tomorrow or the day after
(e) it is boring
I want to discuss this some more. Any contributions gratefully received.