Superstar security researcher Dan Kaminsky (previously) wants to create a "National Institutes of Health for computer security" — a publicly funded research institution that figures out how to prevent and cope with large-scale security issues in networked devices.

Kaminsky is presenting at the upcoming O'Reilly Security Conference in NYC (me too), and he's done a great interview (MP3) with the O'Reilly Security podcast that ranges over this idea and other smart observations and insights on information security.



The hard truth is that there just are societal scale problems: cities burn, people need to transit from one location to another, we need food that doesn't poison us. The reality is that there are problems that affect all of us if they're present. The Internet is not a safe place right now, and, more importantly, the tools we're using to interact with it are relatively broken. This is a problem, but we shouldn't be ashamed.

I think we need to have a larger-scale response to the problems of the Internet. It has been a tremendous boon to our society. It is the heart of our economic growth. It's the greatest growth since the Industrial Revolution, but it's got some problems that we're not just going to guilt people out of. We've got to do some engineering work. We're going to have to share a lot more. The FBI has crime statistics, and it's incredibly useful on a societal scale. There needs to be this lack of shame that things are burning and say, 'Yeah, this breach, here's what happened.' Let's do some month-long investigations about what happened. Get that data out there and try to respond to it. This is not the first time we've had problems in an important tech, and it won't be the last time, but let's actually work on it. The reason I talk about the NIH is because they actually fund work on these sorts of problems, and things do get better.