Monday, September 10, 2007

And now...Comedy...

Friday saw the quarterly official Errata Security team building, offsite, management meeting held in at the Regal Cinemas in Atlantic Station. The Errata Security founders viewed Shoot’em Up with Clive Owen. Shoot’em Up provided an opportunity to do something I have wanted to for a while: discuss security products designed by committee. First my short review of Shoot’em Up.

Shoot’em Up as a movie exists in a place that would make Schrodinger's cat envious: it is both crap and brilliant in a constantly fluctuating state. On one hand, you have Clive Owen portraying a reluctant hero who has to shoot, stab, and generally dismember his way through a constant stream of bad people who cannot hit the broadside of a building with automatic weapons. The reluctant hero holds a special place in the hearts of action moviegoers everywhere since Bruce Willis’ iconic character, John McClane, blasted his way into the hearts, minds, lower intestines, and limbs of faux terrorists all over the world. Clive Owen keeps the basic rules of the reluctant hero alive by being able to hit what he is shooting at in ways that us mere mortals could not imagine while spending the entire time looking like who would more enjoy sitting in the waiting room at the local dentist. The movie is quiet satisfying if that is all it was but there is a strong anti-gun message throughout the entire film. The anti-gun sentiment accompanies a strong anti-company message and some good old-fashioned politician hate thrown in as well. For a movie that targets an audience of males 17-34, this is an odd choice. I do not mean to sound crass but it is almost like a porno movie preaching abstinence. I am sure what we watched was not the initial directors vision, but yet a perversion during a pitch meeting in Hollywood.

In fact, I am sure it went something like this:
Director: I wanna make a mindless action movie where a reluctant hero runs around for two hours and shoots bad guys.
Studio: That is awesome we want to make it. We have a few suggestions…
Director: Suggestions? About what, it’s a pretty straight forward movie. A guy runs around and deals death in the form of a wall of lead to bad guys. What more is there, unless you are talking about marketing tie-ins with people like Glock…
Studio: Well, we want the hero to have a heart of gold, our testing shows that most audiences like a heart of gold. In addition, mothers get upset about gun violence so we need to add a strong anti-gun message or we might be looking at protests. Also let us give our hero a sidekick, maybe a love interest, to help draw in the women. Also when I was a child a worker from a large company took my ice cream cone, so I want to add in an anti corporate message.
Director: So wait, lemme get this straight, you want to turn my 2 hours of shooting into an anti-gun campaign that also targets large companies while we just throw in sidekicks…
Studio: It is only going to be 80 minutes and it is that or we can give somebody else the money to make his or her movie…

You may be wondering what this has to do with security. I have seen some products that actually seem to get the same design by committee process.

Developer: I would like money to build the ultimate security product that everybody needs. It will work by stopping attacks by inspecting traffic into a network device and determining if its an attack.
VC: That’s awesome, we would like to give you money to do this, but we have a few suggestions…
Developer: Ok, I would love to hear them…
VC: Is there anyway you could make this product more buzzword friendly, like ASLR?
Developer: Address randomization really does not apply to network products…
VC: So we would have a great breakthrough if you made it work. We would also like you to add in stuff like anomaly detection and content filtering…
Developer: Does anybody want to buy a product like this?
VC: Sure, plus we can charge more, any way just sign on the dotted line in blo…err...ink.
Developer: Its kind of weird, its almost like you were about to say “sign in blood”…is it really necessary to tell me to sign in ink?
VC: Yes…Have a cookie.

No comments: