Is security harmful for innovation?

Some of my friends have been considering moving to Vista and have therefore asked me if it’s worth the money. My answer is an unconditionally yes, but then they ask why that is and what features are worth the upgrade? That’s an easy question to answer because there is only one big feature that is far superior to XP and that is security. I know there are hundreds of details and sub processes that are far better in Vista, but it is hard to point them out to a regular computer user and it’s definitely not a selling point they can relate to. Try telling someone that Vista is much more stable than XP, when that person’s XP machine never crashes or that the .NET 3.0 runtime shares more components between worker processes. They just can’t relate.

Herein lay the essence of the problem that is emerging in many software products nowadays. Security gets too much attention. Think about the features that were announced to be included in Vista but didn’t make it because lack of time, such as WinFS. Instead Microsoft concentrated on security, security and more security.

The Live Messenger API has also been locked down so you can’t send files or do anything that could be used to spread vira or other nasty things. Because of security, the Messenger API is completely useless and no new cool products can be made by third-parties on top of it. The problem is not the security itself, but in the things it effects. In Vista it had the effect that Microsoft had to cut back on other important features too make the deadline. In the Messenger API it totally ruined the usefulness of it.

What happens when security gets too much attention is that other features gets neglected or cut from the final product. In cases like the Messenger API it slows innovation and decreases the freedom for the developers. That is a major concern. To what length are we willing to go for securing our applications when it comes to cutting back on functionality? It depends on the type of application of course, but the question remains. Security is damn important, don’t get me wrong, but so is innovation.

Luckily for me, the Messenger API is free and I don’t have to pay for Vista, but to build an entire system where the only real selling point is security is the unsexiest thing to do and I would never buy it on that argument alone. I have never had anti virus software installed on my XP and I have never had a single virus neither. I sometimes run an online virus scanner that finds absolutely nothing. So for me, the extra security features are a nuisance and makes my workday harder.

Security is not the opposite of innovation in any way, but it can be if you let it. Just think of all the cool things that didn’t make it in the Vista release in the name of security.