| Orientation | Focus | Typical assessment | Type of Trust |
| Government | Assurance of quality, reliability, safety, and appropriateness for use | Commercial security products aren't good enough to be used. We are losing the security war. | Authority+Network: We are not getting adequate assurances of security - neither from centralized guarantors, or from the emergent power of the network. |
| Hacking | Tools and techniques of exploration and exploitation at the micro and macro levels | Unwilling to confer a positive evaluation on any product or technology vendor (especially Microsoft). | Commodity+Authentic: We hackers can usually engage more deeply with the product than the vendors themselves. |
| Economic | People are behaving rationally, if only we can understand their motivations | Few people ask whether products are secure, so there is little explicit demand for security. | Commodity+Network: Security (or its lack) emerges from the combined behaviour of rational actors. |
There are several other possible permutations, but the orientation I want to encourage is based on Network+Authentic - combining a deep engagement with the (focal) practices of technical security with a broad and dynamic social base (process-driven, community-driven). Next question: how can we foster this orientation?
Technorati Tags: security trust
