It’s been a while since I read Dan et al.’s original paper CyberInSecurity: The Cost of Monopoly. For whatever reason it’s crossed my desk again, but mostly because of Dan’s follow-up, Monoculture on the Back of the Envelope. To me the original paper was crucial for people to comprehend the issues that arise when a single system becomes so prevalent. However, I think the issue is deeper than what’s presented in the papers. To me there’s a deeper issue in that IT and computers are beyond the ken of most people. This ends up creating massive security problems in that most people are simply unaware that their computers are vulnerable, nor are they aware that they’ve been compromised. Unlike most of the technology we use, computers are networked together into a larger whole, and therein lies the larger issue. In isolation a monoculture is immaterial, but in a fully networked environment, with owners of the various components unaware or unable to be aware, we have a major issue. And this has been discussed, repeatedly, by various security experts. But what must be noted is that if today, even if shops went to a split of 1/3 Windows, 1/3 OS X,
