Doing what I do in my day job, I sit through a lot of presentations on various aspects of security. I had the pleasure of sitting through a couple of presentations this week (one by a leading analyst on Web 2.0 security issues, and one by a vendor CTO). My short version of the takeaways from the talks was that there are a huge number of security issues related to Web 2.0 technologies, including cross-site scripting and many more. Many of these existed before Web 2.0, but are exacerbated by AJAX and other new technologies.

Without rehashing a lot of the detail from the event, the thing that really struck me was how similar my own internalized summary from the event was to almost every other security presentation I have heard in the last five years or so. You could almost use this as the punch line to every security issues talk: “The security issues are not generally well understood yet, they are going to be very significant, we’re pretty much screwed, and we don’t know where the solutions to the problem are going to come from.”

It’s a depressing conclusion to reach at the end of most talks on IT security. And I'm generally an optimistic person, so it's not like this is my "glass half empty" self talking.

I am also wading through Geekonomics, which appears to do a very good job of describing the big picture of how the IT industry has reached this particular place at this moment.