The world is flat. Shouldn’t software security be, too?
June 26, 2014. Source: SourceClear
Deliberately provoking people is both the upside and the downside of putting a provocative title on the cover of your book. Since its publication in 2005, Thomas L. Friedman’s The World Is Flat has been an international bestseller even as it has provoked some sharp shape-based criticism. One critic (for instance) protests that, no, “The world is spiky” and another that “The world is round.”
The alternative title I would suggest is The World Is Much Flatter Than it Was Before the Internet. Although I more than suspect this title wouldn’t sell many books, it’s more accurate.
Of the ten “world flatteners” Friedman defines in his book, the source of four is 100% the Internet, and all but one (the collapse of the Berlin Wall in November 1989) rely on the existence of the Internet to a high degree.
Consider only Friedman’s four essential Internet-based flatteners: The public emergence of Netscape in 1995, “Workflow software” (a/k/a “a global platform for multiple forms of collaboration”), “Uploading” (open source software, blogs, Wikipedia, etc.), and “Informing” (Google and other search engines).
Before these—that is, before the rise of the Internet—many things were simply out of reach for most people. Want to buy something? You had to search for it in brick-and-mortar stores or in paper-based catalogs. Want to learn something? You had to go to the library, be lucky enough to have a very well-informed friend to talk to, or gain admission to a university (and then attend it for four or more years, pass examinations, and somehow pay for the whole thing). Want to work for Company X? You had to move to City Y and commute on a daily basis.
The Internet and its appliances—browsers, “workflow software,” “uploading,” and search engines—suddenly put a spectacular range of commerce, knowledge, and employment opportunities within reach of most people. No longer was the Library of Congress Catalogue out of reach because it was in Washington, DC, and you lived in Bogota, Colombia. The Internet made the world flat enough to access it anywhere.
Same goes for most of the physical obstacles to collaboration and real-time intellectual exchange—especially the time, effort, and expense of travel. Moreover, the flattening of physical barriers often brings with it a flattening of bureaucratic and organizational barriers as people increasingly deal with other people online rather than with corporations, institutions, and “departments.”
Those of us who develop software for a living can and should celebrate our central role in the Great Flattening. But it’s not all Cristal and cotton candy. While we’ve been developing software to reduce the physical, formal, and organizational friction that historically has retarded commerce, culture, community, and creativity, too many of us still employ workflows that put critical processes out of our own reach.
Even today, many managers insist on dividing development and security, treating them as two separate domains—separate not only in process but also in time. Act I: Developers build software. Act II: Security experts create security. Act II never begins until the curtain goes down on Act I, and none of the stars of Act I reappear in Act II.
The irony of this drama is that we developers—enablers of connection, makers of a flatter world—are typically expected to work disconnected from security, which occupies a level above us and is done sometime after what we do. Born of an anachronistic pre-Internet mindset, traditional security does little more than pack inherently insecure software in bubble wrap, ship it off, and hope like hell for the best.
The flattening force of the Internet has disrupted everything, flipping on its head the old-school sequence of knowledge creation and distribution. Today, social software techniques allow experts everywhere to publish information and get it to everyone anywhere who wants and needs it when they want and need it.
Just imagine the great leap forward in truly trusted computing—the goal of truly secure software—if we developers embraced the disruption we ourselves have created.
This is the SourceClear idea and mission: to design social software solutions that allow the true experts to publish information and get it to developers in real time, when they need it, which is when they can actually use it, as they build software. No friction, no barriers, no time lost, both effort and exposure minimized. In fact, squashed flat.