Well-known security researcher Peter Gutmann has a draft of his book on Engineering Security available on his web page. He has a lot of good commentary about challenges that the security community is facing. So far, my favorite passage challenges the common mentality that security has to be 100% or it's just not worth having.

Engineering an effective security solution in the presence of security geeks is an extremely difficult problem... Consider as an example of this a world where no-one ever locks their front door when they leave the house, and someone suggests that fitting locks and actually using them might help in dealing with the spate of burglaries that have occurred recently.

This would be totally unworkable. If you lost your key you’d be unable to get into your own house. Conversely, anyone who found it or stole it could now get in. For a house with multiple occupants you’d need to get a new key cut for everyone in the house, including any temporary guests who were st