In his latest blog post, Bruce Schneier points out a particularly interesting note in the Harvard Law Review, which argues that there is a significant benefit from Internet attacks:
This Note argues that computer networks, particularly the Internet, can be thought of as having immune systems that are strengthened by certain attacks. Exploitation of security holes prompts users and vendors to close those holes, vendors to emphasize security in system development, and users to adopt improved security practices. This constant strengthening of security reduces the likelihood of a catastrophic attack — one that would threaten national or even global security. In essence, certain cybercrime can create more benefits than costs, and cybercrime policy should take this concept into account.
I’d have to agree, to some extent. Not only does it keep people, and organizations, on their toes but it also forces the vendors to constantly update their products and evolve to address new concerns. What are your thoughts?