Thursday, January 17, 2008

A hundred small conservative decisions, and the impact on science.

Yesterday, I played a bit with some lightweight coding (which is neither my job nor my expertise). I was quite unsuccessful in getting my little project to work, but about halfway through I realized that while I might be able to get the program to work, my code was certainly not going to be secure. I realized that even if I got it working, I wouldn't put it on an LBL server because of the off chance that it might be hacked.

You may think this is a morality tale about the importance of thinking about security, but in fact, it's almost the reverse. The truth is that my insecure code would have posed a very limited risk to the Lab, and if it had been exploited (unlikely) it would have done almost no damage to turn it off and clean it up. Yet, because of the attention to security, the perceptual risk is far greater than the real one.

Every day, a few thousand scientists - those the organization selects for their ability to ask new questions in new ways and to develop new tools to ask those questions - are faced with this same issue. And every day, perhaps a few small decisions are made to be conservative and not attempt to create the tool, try the new thing, or play with something interesting because of these kinds of worries. The losses from this behavior are unknown to us; they may be imperceptible, or they may be substantial. What we know is that the great research institutions in history have valued an atmosphere of open expression and freedom to explore the new, the unproven, and the risky.

Will the next World Wide Web or Cyclotron go unbuilt because a researcher feared what might happen if they didn't implement it securely?
