The second phenomenon is the one for which I had to coin the term “integralism”. Scientific Thought, as I understand it, derives its effectiveness from our willingness to acknowledge the smallness of our heads: instead of trying to cope with a complex, inarticulate problem in a single sweep, scientific thought tries to extract all the relevant aspects of the problem, and then to deal with them in turn in depth and in isolation. (And every time a significant aspect of a complex problem has been isolated successfully, this is ranked as an important scientific discovery. As an example I mention John Backus’s introduction of BNF, capturing the context-free aspects of programming language syntax.) Dealing with some aspect of a complex problem “in depth and in isolation” implies two things. “In isolation” means that you are (temporarily) ignoring most other aspects of the original total problem, “in depth” means that you are willing to generalize the aspect under consideration, are willing to investigate variations that are needed for a proper understanding, but are in themselves of no significance within the original problem statement. The true integralist becomes impatient and annoyed at what he feels to be “games”; by his mental make-up he is compelled to remain constantly aware of the whole chain, when asked to focus his attention upon a single link. (When being shown the derivation of a correct program he will interrupt: “But how do you know that the compiler is correct?”.) The rigorous separation of concerns evokes his resistance because all the time he feels that you are not solving “the real problem”.

http://www.cs.utexas.edu/users/EWD/transcriptions/EWD06xx/EWD611.html

Preventing a specific attack is only one kind of improvement, though. Simplifying a system’s trust assumptions can also be a significant improvement, even though such a move seems less often seriously considered.

From a practical point of view, especially if we are including the prospect of public or industry adoption, I am more leary. It is difficult to convince people of the need for change, to introduce new paradigms, to implement and distribute systems, and especially to get companies to buy in to new developments and deploy them along with supporting policies and staff. Given the overhead costs, it is only worth pushing out ideas that make a substantial step in eliminating risks…just making it incrementally easier to do things right might not be enough. One issue is the direct costs involved in all of the above, but the greater concern is that having adopted a particular technology the players involved will likely be less enthuistic to adopt the next one…which may be MUCH better.

It is probably also that it is a knee-jerk reaction to what appears much too common in the security literature - people proposing new systems that address current problems without much analysis of the new avenues of attack that the system opens up. Often the newly proposed system is just as attackable…it just blocked a particular current attack.