When I think about how much money and time our society invests to reduce susceptibility to malicious (and sometimes just dumb) acts, I get nauseous. Organizations that produce software, appliances, automobiles, etc. spend billions of dollars testing their products to reduce the likelihood of a hacker exploiting it or a consumer suing them for using their product in some stupid way. Don't we all know we're not supposed to use a blow dryer in the bathtub, or put hot coffee on our laps after pulling out from McDonald's drive-thru? I know, I know -- it's not the consumer's fault... the manufacturer should have taken more precautions with their product... the consumer has a right to sue (another religious battle to argue). Yeah, right, but it's still a pretty stupid action. Designers, whether they are software or structural architects, can only factor in what is known today and consider the dumbest and most likely ways that a consumer or attacker could use their product. I realize this is a religious battle, but how can we expect to hold manufacturers accountable for ALL security defects in their products? I'm reminded of the cliché, "guns don't kill people; people kill people." Has a gun manufacturer ever been sued because a murderer used their product to shoot someone? Should manufacturers be responsible for quality and strive for higher standards -- absolutely. Long live W. Edwards Deming! But how far do we take it with respect to security?
Can you imagine all the good uses we could put our time and money toward if we didn't have to protect ourselves against hackers and idiots -- like building a better product with lots of really great features? I bet my microwave (or my Linux server for that matter) could wash my dirty dishes if more effort were spent on feature enhancement. And I'm confident we'd see a lot more robots in everyday use (don't get me started on Japan's culture and the relative violent crime ratios between there and the US). Imagine going to an airport where you experienced a quick and non-hassled walk to your airplane and parking was free because airlines and airports didn't have to shell out millions of dollars in security. What a waste.
Yes, TJX was negligent in their efforts to install and maintain secure information systems, but we also have to remember that they were the victim of a crime -- yes, a victim, not the criminal. Unfortunately, their poor judgment caused millions of others to become victims, too, and for that they will probably be punished with some hefty fines and settlements (and rightly so). But they didn't perpetrate a crime... their weak systems were exploited by a criminal. I'm no apologist for poor information security systems, but we shouldn't be making criminals out of victims. The Stop & Shop heist was a real shame because that company was doing so much right and making so many investments to secure their infrastructure, and then *wham!* a clever group of crooks hits a soft spot in their POS systems. Tsk, tsk...
And the costs of information security breaches are not trivial. Remember the incident at UCLA just a few months ago (December 2006)? UCLA administrators admitted that a hacker had been accessing campus databases containing Social Security numbers and other personal information of some 800,000 staffers and current, former, and prospective students. The cost of notifying all the affected people: an estimated $10 million. So much for that new hi-tech computer lab at UCLA. Of course, there are also some dumb decisions that lead to incident costs: how 'bout that dandy promotion McDonald's ran last August in Japan where they gave away 10,000 Mickey D's-branded MP3 players? The players came preloaded with songs and, on occasion, a version of the QQPass Trojan. The virus crawls a machine when connected -- it captures passwords, user names, and other data and then forwards the info along to hackers. Whoops! Shoulda checked those MP3 players before handing them out! More cost and time to protect ourselves against people trying to steal from us. I never thought I'd see the day that my job would rely on bad and dumb people. They keep my paycheck coming along, but I think the world is better off without them.