It was ever thus (security edition)
GCN at 25
Earlier this year at the RSA conference in San Francisco, RSA's Art Cuviello, Microsoft's Bill Gates and others drew attention by talking about the importance of building security into software rather than tacking on stand-alone tools afterward. As GCN's Cybereye columnist William Jackson pointed out at the time (GCN.com/820), it wasn't a new idea; he noted that SANS Institute research director Alan Paller has been saying the same thing for years.
A gander at the June 1984 edition of GCN takes the idea back even further. Melville Klein, then the director of the Defense Department's Computer Security Center, was quoted on the front page, saying, 'We want the word to get out to vendors that built-in security is essential.' He continued, with phrases that would seem at home at any security conference today, 23 years later. 'Security can't be built on,' Klein said. 'If you want true multilevel security it must be built in.' This was in the pre-Web days, and Klein said his primary worry was the KGB. But the idea is the same. If there's reason for hope, perhaps it's that, this time, it's the vendors themselves saying it.