There has been quite a bit of discussion on my local LUG[1] mailing list regarding the recent essay by Marcus Ranum[2].

His essay is quite thought provoking, and has generated a lot of comments along the lines of "my site is more insecure than yours!" I passed a comment about the stupidity of some of the measures we are forced to undertake, that actually reduce security, but keep the auditors happy, which I've learnt is called "Security Theatre" and is a pet hate of security guru Bruce Schneier[3].

1. www.hants.lug.org.uk
2. www.ranum.com
3. www.schneier.com