

Software Security

The Big Fix

14.10.2002
By Scott Berinato

Even Kawasaki seems to be changing his rules. He says security is a migraine headache that has to be solved. "Don't tell me how to make my website cooler," he says. "Tell me how I can make it secure."

"Don't worry, be crappy" has evolved into "Don't be crappy." Software that doesn't suck. What a revolutionary concept.

Why Is Software So Insecure?

Software applications lack viable security because, at first, they didn't need it. "I graduated in computer science and learned nothing about security," says Chris Wysopal, technical director at security consultancy @Stake. "Program isolation was your security."

The code-writing trade grew up during an era when only two things mattered: features and deadlines. Get the software to do something, and do it as fast as possible. Cyra Richardson, a developer at Microsoft for 12 years, has written code for most of the company's major pieces of software, including Windows 3.1. "The measure of a great app then was that you did the most with the fewest resources" - memory, lines of code, development hours, she says. So no one built secure applications, but no one asked for them either. Windows 3.1 was "a program made up almost entirely of customers' grassroots demands for features to be delivered as soon as possible," Richardson recalls.
