Silicon Shecky

Crying Wolf

May 18, 2018 By Michael Kavka

It is happening more and more, and it is hurting how we are perceived. Flaws are treated as super critical, potentially the end of the world, and upon further inspection are not. This needs to change.

I almost titled this piece OMGWTFBBQ because that is what happened again recently. A flaw was teased on Monday that people got up in arms about. It was not going to be released until Tuesday, but the sensationalism got the better of people, and someone was able to put out the information late on Monday. Yes, I am talking about the PGP/SMIME problem, but this is not the first time this has happened. For those into sports, the situations turned into, “Upon further review, the call is reversed.” I am no expert by any means. I read the articles, watch Twitter, ask questions, and try to use some basic logic and common sense. That means waiting for good info and making sure you have all the info. The situation this week got so out of hand that articles were telling people to get rid of PGP. Again, this rush to judgement that people in our field had turned out to cause more panic than was needed, and turned into bad advice being given out.

Now, I am not going to get into the flaws themselves. There are plenty of others who have done that way better than I can. What I am more concerned about is the reputation of our field.

“We are Samurai… the Keyboard Cowboys… and all those other people who have no idea what’s going on are the cattle… Moooo.”

-The Plague – Hackers

That is how we do tend to see ourselves. That is how others outside of our field tend to look at us. Part of our job is to give good information that can be used to give good advice to the public in general. Unfortunately, we are jumping the gun more frequently. We are not waiting for peer review of flaws before deciding on pushing the panic button. This, I feel, is mostly due to ego. People want to be known as doing something, anything. We want recognition. With the PGP/SMIME situation, those that found the flaw still get the proper credit. They lose points, though, for the way they released it in a sensationalized way. The people who started flailing like a muppet about the flaws before they even saw it then caused more problems. At some point, if we keep doing this, people will stop trusting us. We will be looked at as the boy who cried wolf. So what can we do about this?

The answers are simple and might surprise you. First, we need to slow down. We need to take time to look at flaws when they are released and not look at any hype or sensationalism that builds up around their release. Second, we need peer review. This double checks anything that is being published for accuracy. A flaw could be found, but until someone else reviews it, we need to be skeptical about the severity. Yes, this can cause a day or two of delay, but the reputation it will build up as us being trustworthy is worth it. People will listen, and will get good advice instead of the infamous OMGWTFBBQ.
