I see enormous value in it and think it should be considered seriously.
On the other hand, the huge amount of value in it is also a reason I’m skeptical about it being obvious to be achievable: there are already individual giant firms who’d internally at multi-million annual savings (not to talk about the many billions the first firm marketing something like that would immediately earn) from having a convenient simple secure stack ‘for everything’, yet none seems to have something close to it (though I guess many may have something like that in some sub-systems/niches).
So just wondering whether we might underestimate the cost of development/use—despite from gut feeling strongly agreeing that it would seem like such a tractable problem.
I think the budget to do this is easily tens of millions a year, for perhaps a decade, plus the ability to hire the top talent, and it likely only works as a usefully secure system if you open-source it. Are there large firms who are willing to invest $25m/year for 4-5 years on a long-term cybersecurity effort like this, even if it seems somewhat likely to pay off? I suspect not—especially if they worry (plausibly) that governments will actively attempt to interfere in some parts of this.
Agree with the “easily tens of millions a year”, which, however, could also be seen to underline part of what I meant: it is really tricky to know how much we can expect from what exact effort.
I half agree with all your points, but see implicit speculative elements in them too, and hence remain with a maybe all too obvious statement: let’s consider the idea seriously, but let’s also not forget that we’re obviously not the first ones thinking of this, and in addition to all other uncertainties, keep in our mind that none seems to seriously have very much progress in that domain despite the possibly absolutely enormous value even private firms might have been able to make from it if they had serious progress in it.