Being strong on security means exposing a problem and addressing it, not covering it up by punishing the messenger.

"The nail that sticks up gets hammered down." It's one of those phrases that embodies a principle that means different things in different situations, to different people. When a person exposes a problem, is the problem the problem, or is the person the problem? I believe that people of knowledge and ability are our greatest assets.

I think this is directly relevant to what we see unfolding before our eyes right now. On one hand, I have massive respect for the law enforcement agencies that tackle security problems. On the other, I fear their potential to be reactionary rather than mindful of purpose.

If we are to achieve real security, we can not simply opt for the path of least resistance. We must tackle problems rather than brush them under the rug, where they still exist, and can be found by others. As many on this system can attest, exposing security problems is like donning a big target; few are happy to see the messenger.

The manor in which information about a vital problem is exposed must be done ethically, but it is important to remember that ethical (or responsible) disclosure is an area that has no clear black and white distinctions. Many of the gray areas are defined by the means of the messenger. Do not lose sight of the big picture.