Insecure systems are systems that call for a fix. Vulnerabilities attract attention, motivate a response, and evoke futures of risk and repair. But determining what exactly is wrong with a system and what would count as an adequate fix are complex matters that cybersecurity practice must grapple with. How fixes pan out – as ‘quick fixes’ or obstinate problems, as temporary sticking-plasters or permanent solutions – depends on a wide range of factors, including the technicalities of the afflicted system, networks of expertise and institutional contexts that enable information and software sharing, security discourses that set up semantic repertoires for problem formulation, and the interactions of actors, including developers, vendors, risk managers, network engineers, consultants, policymakers, standard setters, and adversaries. The papers in this Special Issue bring a wide range of theories, cases and methods to bear on securing, and offer new insights into the nature of securing as fixing. In this introduction I argue that this collective endeavour of thinking through fixing, thinking through the pragmatics of broken and repaired technology, provides a common ground for the advancement of critical interdisciplinary cybersecurity.
Matt Spencer (Tue,) studied this question.