This past weekend, I was watching Return of the King. Even though I think that the first one is my favorite, it is my opinion that the third one is the best one.
Anyhow, I was struck by how selfishly the characters behave in the movies, and by how well that translates to real life. Consider the following two examples:
Sauron is a lot like all the spammers out there. You know, evil, dark, foreboding and threatening to take over the world (well, at least make the Internet useless). One of the ways that we in the security industry can overcome this is by aligning with each other and sharing data and intelligence.
There's a huge risk in sharing data. If all of the big players got together and traded data, then at the end of the day we'd all have pretty close to the same antispam effectiveness. What then becomes the differentiating factor? I don't want to give up my data if that guy won't give up his. Or, why should I release my data when mine is worth so much more than his? I don't want to give up everything and give him an edge to make him equal to me. Why should I have to put up with freeloaders who will disproportionately win from this? And others will disproportionately lose? And besides which, where are the Dwarves in all of this? Why aren't they kicking in some data?
These, of course, are real concerns. But on the other hand, I think a case can be made that they overlook the bigger issue: our real enemies are not each other; the spammers are the target. I think it is true that if everyone were to open up and share data, we could eventually all get about the same effectiveness against spammers, more or less. There'd be gains here, sub-gains there, but they'd all be about the same. There wouldn't be a big service differentiator.
But I think what does distinguish us is that even though we are giving up a lot of data, we are all on the same side of saving the world -- from the spammers. There are far fouler things that crawl on the depths of the web than the good people coming to the aid of each other.
But on the other hand, maybe I'm just an unrealistic idealist.
I think there's one thing you're missing:
Companies such as Microsoft and IBM have their primary business in other areas -- in particular, it's in their best interests to fix the spam problem and maintain trust and usability.
Those sorts of companies are like Rohan and Gondor. While they might have moments as Theoden did, they do understand, ultimately, that it makes sense to collaborate for the good of all, and then go back to ruling their respective kingdoms.
But there are companies whose primary business is in fighting spam. If all you know how to do is fight the forces of Sauron, what happens when Sauron is defeated for good, and the ring is returned to the fires whence it came? What happens when you save the world?
What happens is that you're out of business.
In other words, a good portion of the antispam community thrives on the ubiquity of spam (and other malware), even as it develops ever better technology to fight it. That portion has little incentive, apart from the good will it generates, to share what they know.
"I don't want to give up my data if that guy won't give up his. Or, why should I release my data when mine is worth so much more than his?"
This is called a Nash equilibrium. You may enjoy reading The New School of Information Security (http://www.amazon.com/New-School-Information-Security/dp/0321502787/ref=sr_1_1?ie=UTF8&s=books&qid=1247647324&sr=8-1), which advocates sharing data.
LOTR spambusting FTW!
Instead of one ring to rule them all it could be one rule to ring them in?