Bill gates made a statement over a year ago saying that within 2 years, security would no longer be on the tips of peoples tongues: http://www.gartner.com/2_events/symposium/2004/asset_64250_1555.jsp
As I understand it the reason he made this comment is that we will all have software that will be secure by design, secure by default. As well as all of the tools to combat spam, malware, hackers etc and security will no longer been seen as the ‘Defense against the dark arts’, requiring a little ‘divination’ along the way. Now whether you believe the statement or not, the interesting question begs as to what will happen to all the information security people? Does this mean the end of the road for us or simply that we must re-train?
One of the new tools in Windows Server 2003 SP1 is the security wizard which is designed to help you reduce the attack surface of the server by providing a roles based configuration wizard. Now of you are like me and like to configure things manually you perhaps tend not to use the wizards. So taking the plunge I decided to have a play and actually quite liked the experience. Now would I leave it at that in a production environment, probably not. But it does start to make me wonder if by making more secure by default, less vulnerable to attacks, more frequently and easily updated and quite simply less of a problem for everyone a good idea. the answer has to be Yes! Even if we do not achieve our utopian state where we can take security for granted, the path is a worthy one.